Now Reading: Mastering Persistent Context in M365
-
01
Mastering Persistent Context in M365
1
00:00:00,000 –> 00:00:03,120
Most organizations think co-pilot success is a prompting problem.
2
00:00:03,120 –> 00:00:06,240
If users just learn the right magic words, the model will behave.
3
00:00:06,240 –> 00:00:09,040
They’re wrong. Your prompts aren’t failing because people can’t write.
4
00:00:09,040 –> 00:00:12,320
They’re failing because the enterprise never built a place where intent can live,
5
00:00:12,320 –> 00:00:15,920
stay current and be governed. So co-pilot improvises, confidently.
6
00:00:15,920 –> 00:00:19,760
That’s how you get plausible nonsense, governance, debt, and decisions that take longer
7
00:00:19,760 –> 00:00:24,080
because nobody trusts the output. If you want fewer co-pilot demos and more architectural
8
00:00:24,080 –> 00:00:29,120
receipts, subscribe to the M365 FM podcast. In the next few minutes,
9
00:00:29,120 –> 00:00:34,480
this gets simple. A femoral context versus persistent context, where truth must live,
10
00:00:34,480 –> 00:00:40,720
and how control actually attaches. The foundational misunderstanding, co-pilot isn’t a chatbot.
11
00:00:40,720 –> 00:00:46,080
The core misconception is treating Microsoft 365 co-pilot like a chatbot with a nicer suit.
12
00:00:46,080 –> 00:00:50,000
A chatbot is basically, you ask, it answers the conversation, scrolls away,
13
00:00:50,000 –> 00:00:54,080
and the risk stays mostly personal. You got something wrong, you look silly, you move on.
14
00:00:54,080 –> 00:00:58,560
Co-pilot in the enterprise is not that. In architectural terms, co-pilot is an interaction layer
15
00:00:58,560 –> 00:01:03,280
sitting on top of three things you already run. Microsoft graph as the data surface,
16
00:01:03,280 –> 00:01:07,680
entra as the identity and authorization engine, and whatever governance you did,
17
00:01:07,680 –> 00:01:11,920
or didn’t, build with purview labels, retention, DLP, and policy.
18
00:01:11,920 –> 00:01:17,280
The model generates language, sure, but the system behavior is shaped by what it can retrieve,
19
00:01:17,280 –> 00:01:21,360
what it’s allowed to retrieve, and what signals exist to rank one source above another.
20
00:01:21,360 –> 00:01:26,640
That distinction matters. Because when co-pilot fails, it usually isn’t failing at language.
21
00:01:26,640 –> 00:01:30,720
It’s failing at selection. It’s pulling the wrong material from the wrong place with the wrong
22
00:01:30,720 –> 00:01:35,520
implied authority, and then writing it in a tone that sounds like it’s certain. That’s not a prompt
23
00:01:35,520 –> 00:01:39,840
problem. That’s a context architecture problem. This is why co-pilot looks incredible in demos,
24
00:01:39,840 –> 00:01:44,480
and then becomes mediocre inside your tenant. The demo environment has clean, curated sources,
25
00:01:44,480 –> 00:01:49,920
and tidy permissions. The retrieval universe is small, the content is recent, and there’s one obvious
26
00:01:49,920 –> 00:01:54,560
truth document. In your tenant, the retrieval universe is a landfill with an indexing service,
27
00:01:54,560 –> 00:01:59,040
and that means your prompt is operating inside a probabilistic system, even if you keep pretending
28
00:01:59,040 –> 00:02:03,440
it’s deterministic. Here’s the uncomfortable truth. The prompt doesn’t create truth. The prompt
29
00:02:03,440 –> 00:02:08,640
only steers, which fragments of your tenant co-pilot will consider while it manufactures a response.
30
00:02:08,640 –> 00:02:14,400
When that steering lacks strong constraints, authoritative sources, scoped context, clear intent,
31
00:02:14,400 –> 00:02:18,720
the model compensates with pattern completion. That’s where the confident fiction comes from.
32
00:02:18,720 –> 00:02:23,200
It’s not malicious. It’s just how generative models behave when they don’t have an anchor.
33
00:02:23,200 –> 00:02:27,120
So what do people do? They try to fix it with more prompt engineering. They invent frameworks.
34
00:02:27,120 –> 00:02:31,920
They write longer prompts. They create rules that actually work. And yes, sometimes that improves
35
00:02:31,920 –> 00:02:36,720
output because you’re adding constraints and context manually, but manual prompting doesn’t scale.
36
00:02:36,720 –> 00:02:41,280
It can’t. The enterprise is a distributed system. It’s a thousand teams, a million files,
37
00:02:41,280 –> 00:02:45,840
10 million permissions, and a governance model that slowly erodes because exceptions feel productive.
38
00:02:45,840 –> 00:02:50,400
Every exception is an entropy generator. Now add co-pilot.co-pilot doesn’t simplify that.
39
00:02:50,400 –> 00:02:55,200
Co-pilot accelerates it because it can produce polished outputs faster than your organization
40
00:02:55,200 –> 00:03:00,000
can validate them. And the first time a senior leader forwards a co-pilot generated answer as if
41
00:03:00,000 –> 00:03:04,080
it’s policy you’ve just converted a drafting assistant into an unofficial authority.
42
00:03:04,080 –> 00:03:07,920
You didn’t deploy an AI assistant. You deployed a distributed decision engine that speaks in
43
00:03:07,920 –> 00:03:12,080
complete sentences. Let’s make this obvious with one micro example. A user asks,
44
00:03:12,080 –> 00:03:17,440
what’s our rule for sending customer data to a vendor? In a healthy architecture, there’s a single
45
00:03:17,440 –> 00:03:22,560
authoritative policy source. It’s owned, labeled, current, and discoverable. Co-pilot retrieves it,
46
00:03:22,560 –> 00:03:27,680
sites it, and answers with boundaries. In the real enterprise that policy lives in three places.
47
00:03:27,680 –> 00:03:33,360
A PDF from 2021, a SharePoint page, someone edited last month, and a team’s message thread where
48
00:03:33,360 –> 00:03:39,040
legal said it depends and everyone ignored the rest. Co-pilot retrieves all of it, ranks something
49
00:03:39,040 –> 00:03:43,360
because it has more keywords and produces a smooth paragraph that sounds like compliance.
50
00:03:43,360 –> 00:03:47,840
The user didn’t get an answer. They got a statistically plausible synthesis of your organizational
51
00:03:47,840 –> 00:03:53,600
confusion. And now governance has a new enemy. Answers that look like decisions but have no receipts.
52
00:03:53,600 –> 00:03:58,720
This is where the deterministic versus probabilistic distinction matters. A deterministic system is
53
00:03:58,720 –> 00:04:03,760
one where the same input reliably produces the same governed outcome because the system has a
54
00:04:03,760 –> 00:04:08,800
stable source of truth and enforced constraints. Identity is consistent. Labels matter access
55
00:04:08,800 –> 00:04:15,040
boundaries are real. Content life cycle exists. A probabilistic system is one where outcomes drift
56
00:04:15,040 –> 00:04:20,400
because the retrieval set drifts. Permissions drift, content rods, duplicates, multiply, and
57
00:04:20,400 –> 00:04:25,280
co-pilot politely pretends it all makes sense. Most organizations are running co-pilot as a probabilistic
58
00:04:25,280 –> 00:04:29,680
system and then blaming users for not being deterministic enough with prompts. So no, co-pilot
59
00:04:29,680 –> 00:04:34,800
isn’t a chatbot. It’s closer to an authorization aware retrieval and reasoning pipeline wrapped in
60
00:04:34,800 –> 00:04:40,400
a chat UI. It is a compiler that takes your intent, pulls in whatever context it can legally see,
61
00:04:40,400 –> 00:04:45,360
and outputs a plausible artifact, which means the control plane is not the prompt. The control plane
62
00:04:45,360 –> 00:04:51,040
is context. What exists? Where it lives? Who owns it? How it’s labeled? How it’s updated? And how
63
00:04:51,040 –> 00:04:55,200
it’s constrained? Once you see co-pilot that way, the rest of this episode becomes painfully
64
00:04:55,200 –> 00:04:59,520
straightforward. And it explains why co-pilot notebooks exist at all. Because if you don’t give
65
00:04:59,520 –> 00:05:04,400
the system a governed container for persistent intent, you’ll keep doing what humans always do.
66
00:05:04,880 –> 00:05:09,920
You’ll keep trying to solve an architectural problem with better typing, persistent context,
67
00:05:09,920 –> 00:05:15,520
what it is, and what it is not. Persistent context is not a feature. It’s a design decision.
68
00:05:15,520 –> 00:05:19,760
It’s the choice to stop treating what the model should know as a side effect of whatever happens
69
00:05:19,760 –> 00:05:25,600
to be open, recent, or popular in the graph. And instead, build a curated, governable context set
70
00:05:25,600 –> 00:05:31,680
that can survive more than one conversation. In simple terms, persistent context is reusable intent
71
00:05:31,680 –> 00:05:36,800
plus reusable sources. Intent means the constraints you keep retiping today. Scope, assumptions,
72
00:05:36,800 –> 00:05:42,080
definitions, tone, required output format, and the explicit do not do this exclusions.
73
00:05:42,080 –> 00:05:46,960
Sources means the documents, pages, and records you’re willing to treat as input to a decision.
74
00:05:46,960 –> 00:05:53,200
Not helpful reading inputs. When those two things persist, co-pilot stops acting like a slot machine.
75
00:05:53,200 –> 00:05:57,520
It starts acting like a system. Now, what persistent context is not? It is not chat history.
76
00:05:57,520 –> 00:06:04,080
Chat history is an audit trail of what was said, not a stable substrate of truth. It’s messy by nature.
77
00:06:04,080 –> 00:06:09,280
Half-formed questions, wrong turns, speculative answers, and good enough for now drafts.
78
00:06:09,280 –> 00:06:15,280
Treating chat history as institutional knowledge is how bad outputs fossilise into future mistakes.
79
00:06:15,280 –> 00:06:20,560
Persistent context is also not personal memory. Some tools offer “remember my preferences”.
80
00:06:20,560 –> 00:06:24,800
So that’s personalization, not governance. It might make responses feel smoother,
81
00:06:24,800 –> 00:06:28,480
but it doesn’t solve enterprise truth, accountability, or policy enforcement.
82
00:06:28,480 –> 00:06:31,520
If co-pilot remembers that a user likes concise answers fine.
83
00:06:31,520 –> 00:06:35,840
If it remembers how your finance policy works, you’ve just invented an unofficial policy store
84
00:06:35,840 –> 00:06:39,920
with no owner and no change control. That is not architecture. That is entropy with a smile.
85
00:06:39,920 –> 00:06:45,440
And it’s definitely not whatever I had open. This is the most common illusion in co-pilot usage,
86
00:06:45,440 –> 00:06:50,320
the belief that proximity equals authority. The deck you are reading, the email you skimmed,
87
00:06:50,320 –> 00:06:53,920
the meeting recap you forgot you joined. None of that is authoritative by default.
88
00:06:53,920 –> 00:06:58,560
It’s merely a Jason. Co-pilot can retrieve a Jason. It cannot infer intent from a Jason C.
89
00:06:58,560 –> 00:07:03,920
The system doesn’t know if that slide deck is final draft or a dead end someone sent to get you off their back.
90
00:07:03,920 –> 00:07:08,080
So persistent context needs to be treated as an asset class. That distinction matters because
91
00:07:08,080 –> 00:07:13,120
assets have owners. They have life cycles. They have review cadences. They have audit expectations.
92
00:07:13,120 –> 00:07:17,760
If you want co-pilot outputs to be stable enough to trust, the context feeding those outputs
93
00:07:17,760 –> 00:07:21,920
has to be stable enough to defend. You can’t defend a pile of links. You defend a curated
94
00:07:21,920 –> 00:07:26,560
corpus with explicit intent. This is also where enterprises accidentally build the opposite. They
95
00:07:26,560 –> 00:07:31,760
build context by accumulation, not by design. Someone creates a team, then a channel, then a sharepoint
96
00:07:31,760 –> 00:07:38,160
site, then a folder, then five copies of the same PowerPoint with different final V7 real final names.
97
00:07:38,160 –> 00:07:42,960
Then loop components start living in chats and meeting notes and pages copied around like confetti.
98
00:07:42,960 –> 00:07:47,840
Then people bookmark things, then people stop updating things. Then everyone assumes the latest is
99
00:07:47,840 –> 00:07:52,640
whatever they touched most recently. That is not persistent context. That’s context sprawl pretending
100
00:07:52,640 –> 00:07:57,440
to be knowledge and it gets worse because co-pilot is polite. It will answer anyway. It will synthesize
101
00:07:57,440 –> 00:08:01,760
the sprawl into something coherent sounding even when the underlying material contradicts itself.
102
00:08:01,760 –> 00:08:06,320
The enterprise interprets coherence as correctness. It isn’t. Persistent context requires a boundary.
103
00:08:06,320 –> 00:08:10,720
A boundary is a deliberate reduction in the retrieval universe. It’s saying, for this domain,
104
00:08:10,720 –> 00:08:15,120
these are the sources that count and these are the instructions that define how to interpret them.
105
00:08:15,120 –> 00:08:19,200
That’s why notebooks are interesting. Not because they’re one note on steroids but because they
106
00:08:19,200 –> 00:08:24,720
represent a container where you can bind sources and intent together repeatedly with traceability.
107
00:08:24,720 –> 00:08:29,200
You can keep the same constraints and the same references and iterate outputs without
108
00:08:29,200 –> 00:08:34,080
relitigating what truth even means. But persistent context also implies governance has somewhere to
109
00:08:34,080 –> 00:08:39,600
attach. If the source set is curated, labels and retention policies matter, access boundaries matter,
110
00:08:39,600 –> 00:08:44,560
ownership matters, review cadence matters, and when something changes. Policy updates,
111
00:08:44,560 –> 00:08:49,760
vendor changes, regulatory changes. You can update the context asset and know what downstream
112
00:08:49,760 –> 00:08:56,080
reasoning environments depend on it. In other words, persistent context turns prompting into configuration.
113
00:08:56,080 –> 00:09:01,440
And yes, that scares people because configuration implies responsibility. Good. Because the alternative
114
00:09:01,440 –> 00:09:06,560
is what you already have. A probabilistic system producing confident fiction at enterprise scale.
115
00:09:06,560 –> 00:09:11,760
Next, the first failure mode shows up immediately. Co-pilot hallucinating policy enforcement because
116
00:09:11,760 –> 00:09:17,360
the enterprise never placed policy where it can be retrieved as truth. Failure mode one hallucinated
117
00:09:17,360 –> 00:09:21,600
policy enforcement. This failure mode is the one that makes auditors sweat because it doesn’t look
118
00:09:21,600 –> 00:09:26,800
like a security incident. It looks like help. Someone asks co-pilot a policy-shaped question.
119
00:09:26,800 –> 00:09:31,680
Co-pilot responds in a policy-shaped tone and the organization treats the answer as policy because
120
00:09:31,680 –> 00:09:37,040
it sounds clean, complete, and confident. The system didn’t enforce anything. It narrated something.
121
00:09:37,040 –> 00:09:41,600
That distinction matters. Halucinated policy enforcement happens when a generative system
122
00:09:41,600 –> 00:09:45,920
gets asked to behave like a rule engine, but you never gave it an authoritative rule source that
123
00:09:45,920 –> 00:09:51,200
the retrieval pipeline can consistently anchor to. So it does what it was built to do. It synthesizes
124
00:09:51,200 –> 00:09:56,160
patterns from whatever it can see. It writes a plausible policy paragraph by stitching together
125
00:09:56,160 –> 00:10:00,880
fragments of old guidance, partial exceptions, and whatever happens to be keyword dense.
126
00:10:00,880 –> 00:10:05,360
And because it’s written in adult sentences, people stop questioning it. The most common trigger is
127
00:10:05,360 –> 00:10:12,880
a question that has the shape of governance. Are we allowed to? What’s the rule for, do we need approval
128
00:10:12,880 –> 00:10:18,640
if what label do we apply to? Can I share this with a vendor? These questions are not about content.
129
00:10:18,640 –> 00:10:22,400
They’re about decisions. They’re requests for boundaries. In a well-designed enterprise,
130
00:10:22,400 –> 00:10:27,120
those boundaries live in one of two places and enforced control in the platform or an authoritative
131
00:10:27,120 –> 00:10:33,920
policy artifact with ownership, life cycle, and semantic stability, ideally both. In most enterprises,
132
00:10:33,920 –> 00:10:39,120
those boundaries live in a PDF, nobody owns, a SharePoint page, everybody edits, a team’s thread
133
00:10:39,120 –> 00:10:44,400
where someone said fine, and a training deck that’s now wrong. Four sources, four levels of authority,
134
00:10:44,400 –> 00:10:50,000
zero enforced hierarchy. So co-pilot picks one or blends them or worse,
135
00:10:50,000 –> 00:10:54,800
invents the missing glue. Here’s what makes this failure mode lethal. Co-pilot often doesn’t
136
00:10:54,800 –> 00:10:59,520
hallucinate random facts. It hallucinates governance. It hallucinates certainty. It hallucinates
137
00:10:59,520 –> 00:11:03,920
the existence of a rule that the enterprise wishes it had. That’s how you end up with compliance by
138
00:11:03,920 –> 00:11:09,200
autocomplete. And yes, the model can cite sources that doesn’t save you. Citations often validate that
139
00:11:09,200 –> 00:11:13,760
co-pilot read something, not that what it read is current, authoritative, or even internally consistent.
140
00:11:13,760 –> 00:11:18,000
If the citations point to the wrong truth, you’ve just built a more confident delivery mechanism
141
00:11:18,000 –> 00:11:21,920
for the wrong decision. This is why policy content can’t be treated as just more content.
142
00:11:21,920 –> 00:11:26,480
Policy is a control plane artifact. A policy statement without control change is not a policy.
143
00:11:26,480 –> 00:11:30,800
It’s a suggestion that rots. A policy statement without ownership is not a policy. It’s a rumor with
144
00:11:30,800 –> 00:11:35,840
a URL. A policy statement without enforced semantics is not a policy. It’s a paragraph that competes
145
00:11:35,840 –> 00:11:40,240
with every other paragraph in your tenant. And the enterprise loves paragraphs. So this failure
146
00:11:40,240 –> 00:11:45,520
mode shows up in predictable places. HR asks about leave, discipline, or hiring rules. The policy
147
00:11:45,520 –> 00:11:51,280
lives in a handbook PDF from two reogs ago and a half updated internet page. Co-pilot answers
148
00:11:51,280 –> 00:11:56,800
like it’s the HR director and the manager forwards it to an employee. Now the organization has created
149
00:11:56,800 –> 00:12:01,920
a human impact event with no authoritative anchor. Security asks about data classification and
150
00:12:01,920 –> 00:12:07,600
sharing. The real rules live partly in purview labels in DLP, partly in a standard document,
151
00:12:07,600 –> 00:12:12,880
and partly in what we’ve always done. Co-pilot answers with a blended story. The user follows it.
152
00:12:12,880 –> 00:12:17,680
You get oversharing or you get unnecessary blockage and both outcomes create operational drag.
153
00:12:17,680 –> 00:12:22,560
Procurement asks about vendor onboarding. There’s a process doc, a service now workflow,
154
00:12:22,560 –> 00:12:27,840
and a set of exceptions that were approved last year under pressure. Co-pilot returns a neat checklist
155
00:12:27,840 –> 00:12:32,880
that omits the exceptions or incorrectly normalizes them. Now teams either bypass the workflow or
156
00:12:32,880 –> 00:12:37,360
assume it’s optional. The root cause is boring. You never place truth where co-pilot can retrieve it
157
00:12:37,360 –> 00:12:41,200
with predictable authority. Instead you spread governance across convenient locations,
158
00:12:41,200 –> 00:12:45,920
PDFs in random libraries, email attachments, share point pages with no change control,
159
00:12:45,920 –> 00:12:51,920
and chats that feel authoritative because someone’s senior typed them. Co-pilot then behaves exactly
160
00:12:51,920 –> 00:12:57,520
like the retrieval system it is. It ranks, it samples, it synthesizes, it cannot enforce intent,
161
00:12:57,520 –> 00:13:02,320
you never encoded, so the fix isn’t, train users to prompt better. That’s how the enterprise
162
00:13:02,320 –> 00:13:07,440
absorbs itself and keeps the same architecture. The fix is to treat policy as something the system
163
00:13:07,440 –> 00:13:12,800
must be able to ground in. A single own source, a stable publishing model, and clear boundaries
164
00:13:12,800 –> 00:13:19,440
between policy, guidance, and discussion. If you can’t separate those, co-pilot won’t either,
165
00:13:19,440 –> 00:13:23,840
and once policy has an authoritative home, you still have one more job. Make sure co-pilot
166
00:13:23,840 –> 00:13:28,240
can’t treat everything else as equal. That means the next section because the real problem isn’t
167
00:13:28,240 –> 00:13:32,800
that co-pilot can’t find information, it’s that the enterprise never decided where truth is allowed
168
00:13:32,800 –> 00:13:38,880
to live. Where truth must live, authoritative sources versus convenient sources. The enterprise
169
00:13:38,880 –> 00:13:45,040
keeps pretending authoritative is a vibe, it isn’t. Authoritative means three boring things that almost
170
00:13:45,040 –> 00:13:51,120
nobody implements. Control change, single ownership, and predictable semantics. Control change means
171
00:13:51,120 –> 00:13:56,240
updates follow an explicit process, not whoever had edited rights and caffeine. Single ownership means
172
00:13:56,240 –> 00:14:01,120
one accountable role can answer who approved this and when, without a treasure hunt. Predicable
173
00:14:01,120 –> 00:14:06,400
semantics means the content uses stable terms and definitions, so the system can retrieve and
174
00:14:06,400 –> 00:14:11,360
interpret it consistently. Convenient sources fail all three. Convenient sources are whatever is
175
00:14:11,360 –> 00:14:16,480
close at hand, a slide deck, a team’s message, a meeting recap, a sharepoint page that became a
176
00:14:16,480 –> 00:14:22,080
dumping ground, the policy folder that contains 400 files, and the word doc someone attached to an
177
00:14:22,080 –> 00:14:27,680
email five quarters ago. Convenience produces volume. Volume produces ambiguity, ambiguity produces
178
00:14:27,680 –> 00:14:32,400
retrieval drift, and retrieval drift produces co-pilot answers that sound decisive while being
179
00:14:32,400 –> 00:14:37,760
structurally untrustworthy. So when people ask where should truth live, the answer isn’t sharepoint.
180
00:14:37,760 –> 00:14:42,480
Sharepoint is a file and page platform. It’s not an authority model. Authorities what you build on top,
181
00:14:42,480 –> 00:14:47,600
permissions, publishing workflows, page ownership, change control, and life cycle. Without those,
182
00:14:47,600 –> 00:14:52,560
Sharepoint becomes a sprawl engine with a nice UI. The same is true for teams. Teams is not a knowledge
183
00:14:52,560 –> 00:14:57,040
system. It’s a high velocity conversation system with permanent storage side effects. Treating
184
00:14:57,040 –> 00:15:01,680
teams’ messages as policy is like treating hallway gossip as a contractual term. It may reflect
185
00:15:01,680 –> 00:15:06,800
reality. It may also reflect one person’s confidence during a bad week. That distinction matters,
186
00:15:06,800 –> 00:15:11,840
because co-pilot doesn’t know which of these is truth. It knows which is retrievable. It knows which
187
00:15:11,840 –> 00:15:16,000
matches the prompt. It knows which has the right keywords, and it knows which you have access to.
188
00:15:16,000 –> 00:15:21,120
That’s it. If you don’t encode authority, co-pilot will synthesize convenience. So the architecture
189
00:15:21,120 –> 00:15:26,160
decision you need is a placement model. Policy must live where change is controlled and semantics
190
00:15:26,160 –> 00:15:30,880
are stable. Guidance can live where it’s consumable and contextual. Discussion can live where it’s
191
00:15:30,880 –> 00:15:35,200
fast and disposable. And those three must not compete as equals. Here’s a pragmatic split that
192
00:15:35,200 –> 00:15:39,760
actually holds up. If it’s an enforceable rule, classification requirements, retention requirements,
193
00:15:39,760 –> 00:15:44,320
external sharing constraints, mandatory approvals, then it needs a home that behaves like a control
194
00:15:44,320 –> 00:15:50,080
play and artifact. That usually means a formally published policy set with versioning, ownership,
195
00:15:50,080 –> 00:15:55,120
and review cadence plus enforcement in platform controls where possible. Per view doesn’t store
196
00:15:55,120 –> 00:15:59,920
all your policy, but it does express policy as label taxonomy, retention, and DLP behaviors.
197
00:15:59,920 –> 00:16:04,320
That’s the point. It turns narrative rules into machine-inforcible constraints.
198
00:16:04,320 –> 00:16:08,400
If it’s operational guidance, how to do the thing inside your organization, who to contact,
199
00:16:08,400 –> 00:16:12,640
what templates to use, then a curated SharePoint knowledge base can work, but only if it’s treated
200
00:16:12,640 –> 00:16:18,640
like a product. Page owners, publishing approvals, and explicit last-reviewed discipline. If pages
201
00:16:18,640 –> 00:16:22,800
don’t have owners, they’re not guidance. They’re content that decays. If it’s interpretation,
202
00:16:22,800 –> 00:16:27,760
negotiation, exception handling, or what we think that belongs in chat meetings and threads,
203
00:16:27,760 –> 00:16:32,960
high velocity, low authority. And ideally, with a path to promote the outcome into a governed artifact
204
00:16:32,960 –> 00:16:37,120
when it becomes real, because the enterprise always does the opposite. It stores policy as PDFs
205
00:16:37,120 –> 00:16:41,920
because that’s how legal likes it. It stores guidance as decks because that’s how training works.
206
00:16:41,920 –> 00:16:47,360
It stores decisions as chat messages because that’s where we were talking. Then it wonders why
207
00:16:47,360 –> 00:16:52,720
co-pilot can’t tell policy from opinions. The system can’t separate what you refuse to separate.
208
00:16:52,720 –> 00:16:56,960
Now connect that back to co-pilot notebooks. A notebook is not where truth should originate. It’s
209
00:16:56,960 –> 00:17:01,680
not your policy store. It’s not your compliance system. It’s a context container that points at truth,
210
00:17:01,680 –> 00:17:07,200
binds it to intent, and makes the system behave predictably for a defined domain. That means the
211
00:17:07,200 –> 00:17:11,200
notebook is downstream of truth placement. If you feed it convenient sources, it will produce
212
00:17:11,200 –> 00:17:15,920
convenient answers. If you feed it authoritative sources, you get outputs, you can defend.
213
00:17:15,920 –> 00:17:19,840
Not because co-pilot got smarter, but because you narrowed the retrieval universe to
214
00:17:19,840 –> 00:17:25,200
sources with actual governance semantics. And yes, this forces a decision leaders hate.
215
00:17:25,600 –> 00:17:30,240
You can’t declare single source of truth as a slogan. You have to pay for it with ownership,
216
00:17:30,240 –> 00:17:35,120
control change, and removal of duplicates. So the rule is blunt. If the content changes decisions
217
00:17:35,120 –> 00:17:39,600
later, it must have an authoritative home. If it doesn’t, co-pilot will happily invent the missing
218
00:17:39,600 –> 00:17:44,400
authority for you. Next, the failure mode that follows truth placement is just as predictable.
219
00:17:44,400 –> 00:17:49,760
Once you stop hallucinated policy, you run headfirst into context sprawl pretending to be knowledge.
220
00:17:49,760 –> 00:17:52,240
Failure mode 2. Context sprawl
221
00:17:53,360 –> 00:17:58,400
Masquerading as knowledge. Once truth is placed, the next failure shows up anyway, because most
222
00:17:58,400 –> 00:18:02,960
tenants don’t fail from missing information. They fail from too much information with no authority
223
00:18:02,960 –> 00:18:07,440
gradient. This is the part where leaders say, but we have SharePoint, we have Teams, we have OneDrive,
224
00:18:07,440 –> 00:18:11,920
we have everything in Microsoft 365. Correct, you have everything. That’s the problem.
225
00:18:11,920 –> 00:18:17,200
Context sprawl masquerading as knowledge is what happens when the enterprise treats volume as
226
00:18:17,200 –> 00:18:22,160
coverage. The graph becomes a dumping ground of near duplicates, half finished drafts,
227
00:18:22,160 –> 00:18:27,520
abandoned project sites and temporary workspaces that never die. Co-pilot doesn’t see a knowledge base,
228
00:18:27,520 –> 00:18:32,400
it sees a retrieval universe, and in a sprawl universe relevance collapses. The system starts
229
00:18:32,400 –> 00:18:37,040
ranking what’s popular, recent keyword dense, or simply easier to pass, not what’s correct.
230
00:18:37,040 –> 00:18:41,360
Over time, you aren’t just losing accuracy. You’re losing semantic stability. The same question
231
00:18:41,360 –> 00:18:45,600
asks two months apart produces two different answers because the underlying document landscape
232
00:18:45,600 –> 00:18:50,480
shifted. That’s not intelligence, that’s drift. Teams accelerates this because it creates content
233
00:18:50,480 –> 00:18:54,560
faster than governance can classify it. Every new team provisions a SharePoint side, every channel
234
00:18:54,560 –> 00:18:59,760
generates files, meeting artifacts and recordings. Every chat now leaks loop components into existence,
235
00:18:59,760 –> 00:19:04,080
and loop components are especially efficient entropy generators because they feel lightweight,
236
00:19:04,080 –> 00:19:09,360
shareable and harmless. They are not harmless. They’re fragments of truth that can be copied into
237
00:19:09,360 –> 00:19:14,320
10 places without the discipline of a single owner, a single version, or a life cycle. Copy
238
00:19:14,320 –> 00:19:18,960
becomes the default behavior. Reference becomes the exception. And the moment copy becomes normal,
239
00:19:18,960 –> 00:19:23,680
you’ve lost deterministic outcomes. SharePoint sprawl works the same way. People treat SharePoint
240
00:19:23,680 –> 00:19:28,720
sites like project rooms, then forget to close the door when the project ends. They keep the permissions,
241
00:19:28,720 –> 00:19:32,960
they keep the content, they keep the final deck that was final for that week, then a new project
242
00:19:32,960 –> 00:19:38,880
spins up and someone copies the old content because it’s close enough, co-pilot then retrieves both,
243
00:19:38,880 –> 00:19:43,840
because both are true in the sense that they exist. And this is where the enterprise’s favorite lie
244
00:19:43,840 –> 00:19:49,920
shows up again. Search will handle it. Search can rank. Search cannot establish authority. Search
245
00:19:49,920 –> 00:19:54,480
can’t tell you which deck represents the current operating model, which page reflects policy,
246
00:19:54,480 –> 00:19:59,520
and which document was a political compromise that nobody implemented. Search returns candidates.
247
00:19:59,520 –> 00:20:04,240
Co-pilot then reasons over those candidates and generates a smooth answer that hides the ambiguity
248
00:20:04,240 –> 00:20:09,360
you should have seen, so sprawl doesn’t just degrade accuracy. It degrades accountability.
249
00:20:09,360 –> 00:20:14,960
When the answer is wrong, nobody can explain why the system chose those sources, or why the real document
250
00:20:14,960 –> 00:20:20,560
didn’t win. And the usual response is predictable. Someone creates yet another deck, this time titled
251
00:20:20,560 –> 00:20:25,840
co-pilot guidance, and drops it into yet another site, entropy responds with gratitude.
252
00:20:25,840 –> 00:20:32,400
Now, the most dangerous part of context sprawl is that it creates false confidence through repetition.
253
00:20:32,400 –> 00:20:37,440
If the wrong document gets copied into enough places, it starts to dominate retrieval. It becomes
254
00:20:37,440 –> 00:20:41,840
the statistically likely answer, people see it more often, they quote it more. It becomes what everyone
255
00:20:41,840 –> 00:20:47,200
knows. That is not consensus. That is document replication. And it creates a nasty feedback loop.
256
00:20:47,200 –> 00:20:52,400
Co-pilot surfaces the replicated content, uses trusted because it looks familiar, and then they
257
00:20:52,400 –> 00:20:57,200
propagate it further by pasting it into new artifacts. You’ve just built mimetic drift into your
258
00:20:57,200 –> 00:21:03,120
operating model. This is also why just add more sources is a trap. Ragn design’s collapse at enterprise
259
00:21:03,120 –> 00:21:08,160
scale when the source set becomes a soup. More sources do not mean more truth. They mean more candidates,
260
00:21:08,160 –> 00:21:13,520
and more candidates means more ranking noise. The retrieval engine must pick something, and it will
261
00:21:13,520 –> 00:21:18,000
pick what the signals reward, not what your governance team intended. If you want reliable answers,
262
00:21:18,000 –> 00:21:22,480
you need to shrink the universe, not expand it, which means you need to treat content pathways
263
00:21:22,480 –> 00:21:27,520
as managed systems, where content is allowed to live, how it gets promoted from discussion to guidance
264
00:21:27,520 –> 00:21:33,680
to policy, and how duplicates get killed on contact. If you don’t kill duplicates, you are explicitly
265
00:21:33,680 –> 00:21:38,560
choosing probabilistic outcomes. And this is why the notebook container matters again. Notebooks don’t
266
00:21:38,560 –> 00:21:43,120
magically fix sprawl. They don’t clean your tenant. What they can do is create an intentional boundary.
267
00:21:43,120 –> 00:21:49,040
For this domain, these sources count. That’s a design move against sprawl. It’s context narrowing as
268
00:21:49,040 –> 00:21:53,680
a control. But if you don’t also manage life cycle, freshness, ownership, review cadence,
269
00:21:53,680 –> 00:21:59,440
then the notebook just becomes a curated landfill. A smaller landfill, still a landfill. So failure mode
270
00:21:59,440 –> 00:22:04,160
number two is not users being messy. It’s the platform doing exactly what it was built to do,
271
00:22:04,160 –> 00:22:09,040
enable creation at scale with governance, lagging behind, copilot then retrieves at scale with your
272
00:22:09,040 –> 00:22:14,320
ambiguity baked in. Next, the predictable consequence, context rot. Stairness is not a content problem.
273
00:22:14,320 –> 00:22:19,120
It’s a security control problem. Life cycle as a security control, context rot is predictable.
274
00:22:19,120 –> 00:22:23,680
Context rot isn’t an accident. It’s not people forgot. It’s the predictable outcome of letting
275
00:22:23,680 –> 00:22:28,720
information persist without a life cycle. Enterprises love retention because retention feels like control.
276
00:22:28,720 –> 00:22:35,200
Keep everything. Never delete. Auditors nod. Legal relaxes. Storage is cheap until it isn’t.
277
00:22:35,200 –> 00:22:39,600
But retention is not the same thing as usefulness and it’s definitely not the same thing as truth.
278
00:22:39,600 –> 00:22:44,800
Retention preserves artifacts. Truth requires maintenance. And the moment copilot enters the environment,
279
00:22:44,800 –> 00:22:49,200
staleness becomes a first-class risk. Not because all documents exist but because all documents get
280
00:22:49,200 –> 00:22:54,000
retrieved, they become inputs to new decisions that turns outdated guidance into an operational
281
00:22:54,000 –> 00:22:58,880
vulnerability. This is where most organizations make a foundational category error. They treat
282
00:22:58,880 –> 00:23:03,760
freshness as a content quality issue when it’s actually a control plane issue. If a document can change
283
00:23:03,760 –> 00:23:08,640
a decision then staleness is a security problem because an outdated policy description can produce
284
00:23:08,640 –> 00:23:14,560
an unauthorized action. An old vendor on boarding process can bypass new risk controls. An old
285
00:23:14,560 –> 00:23:19,760
exception can resurrect a closed loophole. And copilot will do this politely. In perfect grammar with
286
00:23:19,760 –> 00:23:25,360
citations. So life cycle has to be designed not hoped for. Life cycle means three things. Ownership,
287
00:23:25,360 –> 00:23:31,440
review cadence and deprecation behavior. Ownership is not the site owner. Ownership is the person or role
288
00:23:31,440 –> 00:23:36,320
accountable for correctness over time. Someone who can say yes this is still valid. No, that’s been
289
00:23:36,320 –> 00:23:41,440
superseded. Here’s the replacement. Without that content becomes a permanent maybe. Review cadence is
290
00:23:41,440 –> 00:23:46,400
the second part leaders avoid because it sounds like work. It is work. That’s the point. If the
291
00:23:46,400 –> 00:23:51,600
information affects regulatory exposure, security posture or financial decisions then the review cadence
292
00:23:51,600 –> 00:23:56,640
needs to match the risk. Quarterly for high-risk policies. Same annual for operational standards.
293
00:23:56,640 –> 00:24:00,800
Annual for low-impact guidance. Not because those intervals are magical but because time kills
294
00:24:00,800 –> 00:24:05,600
accuracy. Deprecation behavior is the part almost nobody implements. Most tenants don’t have a
295
00:24:05,600 –> 00:24:10,480
clean. This is obsolete pattern. They just stop linking to the old thing and hope it dies. It doesn’t
296
00:24:10,480 –> 00:24:15,120
die. Search still finds it. Copilot still retrieves it. People still share it. The artifact becomes
297
00:24:15,120 –> 00:24:20,960
undead. No longer maintained. Still influential. That’s context rot. And it’s predictable because
298
00:24:20,960 –> 00:24:26,880
ownership decays in the same pattern every time. Week one. The project has energy. The notebook or
299
00:24:26,880 –> 00:24:31,520
site looks curated. The links are clean. The instructions are explicit. Everyone agrees this will be
300
00:24:31,520 –> 00:24:36,640
the place. Week three. The owner changes roles or takes PTO or gets pulled into the next fire.
301
00:24:36,640 –> 00:24:41,840
Updates slow down. People add just one more document without pruning. Nobody removes duplicates because
302
00:24:41,840 –> 00:24:47,760
removal feels political. Week six. The notebook of record becomes the notebook of convenience.
303
00:24:47,760 –> 00:24:51,840
It still exists but it no longer represents current truth. It represents the last moment
304
00:24:51,840 –> 00:24:56,320
anyone cared enough to curate it. Then Copilot arrives and treats it as equal to everything else.
305
00:24:56,320 –> 00:25:00,880
That’s how you get drift inside the very container you built to stop drift. Now layer retention policies
306
00:25:00,880 –> 00:25:05,520
on top because this is where the enterprise confuses compliance with correctness. Records retention
307
00:25:05,520 –> 00:25:11,360
answers. Can we prove we kept it? It does not answer should we still use it? In fact retention often
308
00:25:11,360 –> 00:25:16,240
guarantees that obsolete material stays available longer than it stays accurate. So the platform
309
00:25:16,240 –> 00:25:20,320
faithfully preserves a record and Copilot faithfully retrieves it and you faithfully make a bad
310
00:25:20,320 –> 00:25:25,920
decision faster. That is not governance. That is automated nostalgia. So life cycle needs to be treated
311
00:25:25,920 –> 00:25:31,040
as a security control specifically for AI assisted work. You’re not managing documents. You’re
312
00:25:31,040 –> 00:25:36,800
managing decision inputs and that means life cycle has to attach to the context pathway not to individual
313
00:25:36,800 –> 00:25:41,280
user habits. You can’t train a million users to remember which file is stale. You can build a
314
00:25:41,280 –> 00:25:46,080
system where stale sources get flagged, demoted or removed from the reasoning environment entirely.
315
00:25:46,080 –> 00:25:50,720
That’s why persistent context without life cycle is just a slower version of chat sprawl. It last
316
00:25:50,720 –> 00:25:55,920
longer. It fails later. And it fails with more confidence because everyone assumes persistence implies
317
00:25:55,920 –> 00:26:00,960
validity. So the actual rule is unpleasantly simple. If you want persistent context you need
318
00:26:00,960 –> 00:26:06,000
persistent stewardship. A maintained source set named owners review triggers clear deprecation and
319
00:26:06,000 –> 00:26:10,640
you need a container that can hold intent alongside sources so the constraints don’t rot separately
320
00:26:10,640 –> 00:26:14,800
from the documents because files alone don’t carry intent. They just carry words.
321
00:26:14,800 –> 00:26:21,680
That container is why notebooks exist. Why Copilot notebooks exist? The container for managed
322
00:26:21,680 –> 00:26:27,520
context. Copilot notebooks exist because Microsoft finally ran into the same wall every enterprise
323
00:26:27,520 –> 00:26:33,440
hits. Chat is an interface, not a system. Chat is good at one thing. Ephemeral interaction
324
00:26:33,440 –> 00:26:38,160
ask answer move on but enterprises keep trying to use chat to do persistent work.
325
00:26:38,160 –> 00:26:42,560
Policy interpretation, architectural standards, project delivery, operating procedures,
326
00:26:42,560 –> 00:26:47,120
risk decisions and executive briefings. Those aren’t conversations. Those are repeatable reasoning
327
00:26:47,120 –> 00:26:52,000
problems and repeatable reasoning needs a container. A Copilot notebook is that container.
328
00:26:52,000 –> 00:26:56,720
A managed context workspace where sources and intent are bound together long enough to matter.
329
00:26:56,720 –> 00:27:01,680
Not just for a single prompt for an entire decision thread that spans days, weeks and multiple people.
330
00:27:01,680 –> 00:27:06,960
This is the part most people miss. Notebooks are not primarily about better prompting.
331
00:27:06,960 –> 00:27:11,760
They’re about shrinking the retrieval universe on purpose. In the M365 ecosystem,
332
00:27:11,760 –> 00:27:17,120
Copilot can potentially retrieve from a huge surface area. Mail, calendars, files,
333
00:27:17,120 –> 00:27:22,560
SharePoint sites, Teams chats, meetings, loop components and whatever else the graph can see.
334
00:27:22,560 –> 00:27:26,960
That scale is the selling point. It’s also the failure mode because when the universe is too large,
335
00:27:26,960 –> 00:27:31,600
ranking becomes guesswork, guesswork becomes drift. Drift becomes why did it answer that?
336
00:27:31,600 –> 00:27:34,880
A notebook is an architectural hack against that drift. It says,
337
00:27:34,880 –> 00:27:39,440
for this work stream, these are the sources that count. And then it keeps them attached to the interaction
338
00:27:39,440 –> 00:27:43,440
so users don’t have to re-ground every prompt like they’re pleading with a goldfish.
339
00:27:43,440 –> 00:27:48,160
But notebooks are more than a bucket of references. They’re also a place to persist instructions.
340
00:27:48,160 –> 00:27:52,160
What the enterprise keeps calling prompting frameworks. But what architects should
341
00:27:52,160 –> 00:27:57,600
recognize as intent constraints? Definitions, exclusions, formatting requirements,
342
00:27:57,600 –> 00:28:03,200
escalation rules and how to behave when sources conflict. This matters because ambiguity is the
343
00:28:03,200 –> 00:28:07,520
default state of enterprise content. So the notebook becomes a kind of authorization aware
344
00:28:07,520 –> 00:28:12,640
reasoning sandbox. You can’t make Copilot omniscient, but you can make it predictable inside a scoped
345
00:28:12,640 –> 00:28:16,960
domain. Now compare the roles because this is where tool misuse becomes inevitable. Copilot chat
346
00:28:16,960 –> 00:28:22,080
is for speed. It’s the place where people ask, catch me up, summarize a draft. What’s the status?
347
00:28:22,080 –> 00:28:27,520
And turn this into something readable. It’s disposable. High velocity. Low guarantees.
348
00:28:27,520 –> 00:28:34,000
Pages, loop pages are for collaborative synthesis. They’re the artifact you publish when you’re done
349
00:28:34,000 –> 00:28:39,360
exploring. A page is where a team turns messy thinking into a consumable output. A brief, a plan,
350
00:28:39,360 –> 00:28:44,320
a set of notes, a table, a checklist. It’s the thing you share broadly. Agents are for execution.
351
00:28:44,320 –> 00:28:48,800
When the problem stops being produce an answer and starts being performer workflow, agents matter.
352
00:28:48,800 –> 00:28:53,040
They are the bridge into systems of action where the output becomes a ticket, a task, a record,
353
00:28:53,040 –> 00:28:56,960
or an automation notebook sit in the middle as the reasoning environment, deep work,
354
00:28:56,960 –> 00:29:02,080
source bound, intent bound, iterative. They’re where you do analysis that you’ll revisit, defend,
355
00:29:02,080 –> 00:29:07,360
and reuse. And this is the key claim. Notebooks reduce randomness by narrowing the retrieval universe
356
00:29:07,360 –> 00:29:12,000
and making intent persistent, not eliminating randomness, reducing it. Because the model is still
357
00:29:12,000 –> 00:29:16,000
generative, it will still produce language. It will still make probabilistic choices, but you’re
358
00:29:16,000 –> 00:29:20,240
changing the odds by changing the inputs and you’re doing it in a way that can be owned and governed.
359
00:29:20,240 –> 00:29:24,640
This aligns with what Christoph Tuyhaus highlights in his notebook overview. The core idea is
360
00:29:24,640 –> 00:29:29,200
created context, leading to responses that are more traceable, higher quality, and verifiable.
361
00:29:29,200 –> 00:29:33,760
Not because the model suddenly became trustworthy. Because the context became defensible. And there’s
362
00:29:33,760 –> 00:29:38,960
one more subtle design choice that matters. Notebooks work by referencing not copying. They link to
363
00:29:38,960 –> 00:29:43,600
sources rather than duplicating them into a new shadow repository. That’s not a convenience feature.
364
00:29:43,600 –> 00:29:48,000
That’s a governance choice. Copy creates version drift. Links preserve a single update path,
365
00:29:48,000 –> 00:29:52,640
assuming the underlying content has life cycle and ownership. Also notice what notebooks don’t do.
366
00:29:52,640 –> 00:29:56,400
They don’t grant access. Sharing a notebook doesn’t magically override
367
00:29:56,400 –> 00:30:00,800
intra permissions on the underlying sources. That’s the platform refusing to let a context container
368
00:30:00,800 –> 00:30:04,480
become a backdoor. Good. The authorization model stays the authorization model. So if you’re
369
00:30:04,480 –> 00:30:08,800
expecting notebooks to fix governance, you’re going to be disappointed. Notebooks don’t fix
370
00:30:08,800 –> 00:30:12,800
governance. They expose it. They make it obvious when your truth placement is broken. When your
371
00:30:12,800 –> 00:30:18,080
source set is stale. And when your permissions model is a disaster. Because the moment you try to
372
00:30:18,080 –> 00:30:22,800
curate context, you discover you don’t know what’s authoritative. You don’t know who owns it.
373
00:30:22,800 –> 00:30:27,360
And you can’t explain why one team sees a different answer than another, which is the point.
374
00:30:27,360 –> 00:30:31,040
A notebook is a container for managed context. It’s the place where context engineering
375
00:30:31,040 –> 00:30:35,680
becomes real work, not a motivational poster about prompting better. And now the term that
376
00:30:35,680 –> 00:30:41,040
everyone keeps avoiding starts to matter. Context engineering. Context engineering. The new work
377
00:30:41,040 –> 00:30:45,440
you keep avoiding. Context engineering is what happens when you stop treating co-pilot like a clever
378
00:30:45,440 –> 00:30:50,640
employee and start treating it like a system you own. And yes, it’s the work everyone avoids because
379
00:30:50,640 –> 00:30:54,880
it sounds like governance and governance sounds like delay. But the delay is already there. You just
380
00:30:54,880 –> 00:30:59,680
pay it later in rework, escalation and incident reviews. So here’s the simple definition. Context
381
00:30:59,680 –> 00:31:04,320
engineering is the deliberate design of what co-pilot is allowed to consider how it should interpret it
382
00:31:04,320 –> 00:31:09,600
and what must be produced as evidence after it answers. Not write a better prompt design the
383
00:31:09,600 –> 00:31:14,880
environment. There are three layers and if you ignore any of them you get drift. Layer one is sources.
384
00:31:14,880 –> 00:31:19,760
What the notebook can pull from us truth. Not useful docs. Inputs that are allowed to influence
385
00:31:19,760 –> 00:31:24,720
decisions. This is where you enforce authority. The policy set, the standard operating procedure,
386
00:31:24,720 –> 00:31:29,760
the approved templates, the canonical architecture decisions, the vendor contracts that actually apply,
387
00:31:29,760 –> 00:31:35,600
you’re building a small corpus with high signal, not a library with high volume. Layer two is instructions.
388
00:31:35,600 –> 00:31:40,320
The persistent intent. This is where you encode the rules your organization keeps relying on people
389
00:31:40,320 –> 00:31:45,120
to remember what to do when sources conflict, what definitions to use, what to refuse to answer,
390
00:31:45,120 –> 00:31:49,200
when to escalate to a human. Which output formats are acceptable. This is the part executives
391
00:31:49,200 –> 00:31:54,320
call tone, but architects should recognize as constraints and guardrails that reduce ambiguity.
392
00:31:54,320 –> 00:31:59,440
Layer three is outputs, the decision record. This is the part almost nobody builds and it’s why
393
00:31:59,440 –> 00:32:04,000
co-pilot adoption stalls. If the output can’t be defended it can’t be trusted. And if it can’t be
394
00:32:04,000 –> 00:32:10,320
trusted it stays a toy. Outputs need to behave like receipts, citations, assumptions,
395
00:32:10,320 –> 00:32:15,120
and a stable format that can be reviewed. The point isn’t to make co-pilot verbose. The point is to
396
00:32:15,120 –> 00:32:19,440
make co-pilot accountable inside a workflow. Now here’s the objection that shows up immediately.
397
00:32:19,440 –> 00:32:24,400
We already have a prompt framework, goal context source expectations. We trained users. Sure. And
398
00:32:24,400 –> 00:32:28,160
it works about as well as every other program that tries to make humans compensate for missing
399
00:32:28,160 –> 00:32:32,400
system design. Prompt frameworks are manual context engineering. They’re just done badly because
400
00:32:32,400 –> 00:32:36,880
they’re done one prompt at a time by the least consistent part of the system, people. In a large
401
00:32:36,880 –> 00:32:41,440
tenant you don’t need better individual behavior. You need reusable governed configuration that
402
00:32:41,440 –> 00:32:45,680
survives turnover and stress. That’s what the notebook gives you a place to bind the source set
403
00:32:45,680 –> 00:32:50,240
and the instructions so you don’t have to recreate the same constraints every day. But it only
404
00:32:50,240 –> 00:32:54,720
works if you treat the notebook like a product, not like a scratch pad. So context engineering has a
405
00:32:54,720 –> 00:33:00,560
few non-negotiable behaviors. First, define the question space. What is this notebook allowed to answer?
406
00:33:00,560 –> 00:33:05,920
Vendor onboarding for external data processes. Project status and risks for program X.
407
00:33:05,920 –> 00:33:10,800
Security standards for endpoint configuration. And if you can’t define that in one sentence,
408
00:33:10,800 –> 00:33:16,000
you’re building a junk drawer. Second, define exclusions. This is where the enterprise stops being naive.
409
00:33:16,000 –> 00:33:20,960
What must the notebook refuse? Legal interpretation beyond policy text, HR advice beyond
410
00:33:20,960 –> 00:33:25,520
published guidance. Anything involving regulated data movement without explicit citations.
411
00:33:25,520 –> 00:33:30,240
The system needs permission to say no, or it will say yes, in fluent English. Third,
412
00:33:30,240 –> 00:33:35,040
define the authoritative source hierarchy. When sources conflict what wins, a formally published
413
00:33:35,040 –> 00:33:40,240
policy over a slide deck. A labeled standard over a meeting note. A signed contract over an email
414
00:33:40,240 –> 00:33:44,960
summary. If you don’t tell co-pilot what authority means, it will treat recency and keyword density
415
00:33:44,960 –> 00:33:51,520
as authority. That’s how garbage becomes truth. Fourth, make ownership explicit. Not everyone can edit.
416
00:33:51,520 –> 00:33:56,560
Someone owns the context. Someone curates the source list. Someone reviews the instructions. Someone
417
00:33:56,560 –> 00:34:01,600
sets the cadence. Otherwise, the notebook becomes a museum of good intentions. This is why executives
418
00:34:01,600 –> 00:34:06,160
should care, even if they don’t care about the mechanics. Because context engineering is how you get
419
00:34:06,160 –> 00:34:12,000
two things. Leadership actually wants. Quality and accountability. Fewer wrong answers that look
420
00:34:12,000 –> 00:34:16,880
right. Faster decisions that don’t get relitigated because nobody knows where the answer came from.
421
00:34:16,880 –> 00:34:22,640
And there’s a cost angle too, because entropy isn’t free. Sproul drives storage. Sproul drives indexing.
422
00:34:22,640 –> 00:34:28,720
Sproul drives compute. Then everyone pretends co-pilot is expensive. When the real cost is that you
423
00:34:28,720 –> 00:34:34,560
never control the context surface area in the first place. So no, context engineering isn’t an
424
00:34:34,560 –> 00:34:38,960
niche practice. It’s the new enterprise literacy for AI. And the most important part is the one
425
00:34:38,960 –> 00:34:44,240
that breaks almost every design at scale. Identity. Because the moment you try to engineer context
426
00:34:44,240 –> 00:34:48,720
across real teams, you discover that the retrieval problem is not finding the right document.
427
00:34:48,720 –> 00:34:54,720
It’s which documents exist for which user, at which moment, with which permissions, and with which
428
00:34:54,720 –> 00:35:01,200
drift. That’s where the next failure mode lives. Failure mode 3. Broken ragged scale. Broken ragged
429
00:35:01,200 –> 00:35:05,680
scale is what happens when everyone runs a pilot celebrates the demo and then collides with the part
430
00:35:05,680 –> 00:35:11,200
they didn’t model. The enterprise is not a lab and retrieval is not search with better vibes.
431
00:35:11,200 –> 00:35:15,600
In a pilot, the corpus is small. Permissions are clean because you handpicked the participants. The
432
00:35:15,600 –> 00:35:20,080
content is fresh because you just created it. And the truth documents are obvious because you curated
433
00:35:20,080 –> 00:35:25,360
them. So rag looks deterministic. Ask a question, get the right source, get a decent answer. Then you
434
00:35:25,360 –> 00:35:29,920
go to production. Now the corpus is millions of items. Duplicates exist by design. Old content
435
00:35:29,920 –> 00:35:34,480
didn’t get deprecated because retention kept it alive. Teams spun up hundreds of sites that nobody
436
00:35:34,480 –> 00:35:39,680
owns. And permissions drifted because share with the vendor felt urgent at the time. Ragged
437
00:35:39,680 –> 00:35:45,360
still works. Technically. But the behavior becomes unreliable because the input universe becomes
438
00:35:45,360 –> 00:35:50,960
adversarial to relevance. The first failure pattern is retrieval mismatch. The correct document exists,
439
00:35:50,960 –> 00:35:55,120
but it doesn’t dominate the ranking. The wrong document wins because it has more keywords,
440
00:35:55,120 –> 00:36:00,000
more repetitions, a more generic title, or simply fewer access constraints. In other words,
441
00:36:00,000 –> 00:36:04,720
the system doesn’t retrieve the best source. It retrieves the most retrievable source. That distinction
442
00:36:04,720 –> 00:36:10,400
matters. Because in enterprise content, easy to retrieve often correlates with least governed.
443
00:36:10,400 –> 00:36:15,520
Broad access, weak ownership, lots of copies, lots of drafts, the exact opposite of what you want
444
00:36:15,520 –> 00:36:20,880
feeding an AI that speaks with confidence. The second failure pattern is permission skew.
445
00:36:20,880 –> 00:36:25,600
When a user asks a question, the system can only retrieve what that user is allowed to access.
446
00:36:25,600 –> 00:36:30,480
So two users ask the same question and get different answers, not because the model behaved differently,
447
00:36:30,480 –> 00:36:34,880
but because the retrieval set was different. The organization interprets this as co-pilot is
448
00:36:34,880 –> 00:36:41,760
inconsistent, as co-pilot isn’t inconsistent. Your authorization graph is… This is the part leaders
449
00:36:41,760 –> 00:36:48,400
don’t like hearing. Ragn, Microsoft 365 is not global enterprise truth. It is authorization filtered
450
00:36:48,400 –> 00:36:52,640
truth. The answer is always shaped by the call as identity, that’s how it should be, but it means
451
00:36:52,640 –> 00:36:57,600
your context strategy must assume fragmentation. There is no single answer across the enterprise
452
00:36:57,600 –> 00:37:03,600
unless you designed one. The third failure pattern is freshness collapse. People assume retrieval will
453
00:37:03,600 –> 00:37:09,360
find the latest version. But latest is not a stable concept in a tenant with multiple copies,
454
00:37:09,360 –> 00:37:14,400
multiple sites, and multiple publishing pathways. A policy PDF from last year might be latest in
455
00:37:14,400 –> 00:37:19,920
one library. A page updated yesterday might be latest elsewhere. A deck revised this morning might
456
00:37:19,920 –> 00:37:24,480
be latest in someone’s one drive. The retrieval engine doesn’t understand your publishing model because
457
00:37:24,480 –> 00:37:29,120
you never built one, so you get temporal roulette. And this is where the enterprise starts doing
458
00:37:29,120 –> 00:37:34,640
dangerous things like asking co-pilot to only use the most recent document as if recency implies
459
00:37:34,640 –> 00:37:41,440
authority. Reconcy often means someone touched it, not someone govern it. The fourth failure pattern
460
00:37:41,440 –> 00:37:46,080
is the observability gap. When an answer is wrong you can’t explain why it happened. You might see
461
00:37:46,080 –> 00:37:50,560
a few citations but you can’t see the ranking rationale, the excluded candidates, the permission
462
00:37:50,560 –> 00:37:55,120
filtering decisions, or the full context window that shaped the generation. So the platform owners
463
00:37:55,120 –> 00:38:00,320
can’t debug, architects can’t defend, and leadership can’t trust. This is why Raga is not a feature,
464
00:38:00,320 –> 00:38:05,920
it’s a system, and systems require observability and control surfaces if you want reliable behavior.
465
00:38:05,920 –> 00:38:11,360
Now to be clear, none of this means Raga is bad. It means the common mental model is wrong.
466
00:38:11,360 –> 00:38:16,800
Most people treat Raga like search, type words, get the right file. But Raga is not search. Raga is
467
00:38:16,800 –> 00:38:22,160
retrieval plus synthesis under constraints. The output is not the document. The output is a generated
468
00:38:22,160 –> 00:38:27,360
artifact that inherits every ambiguity in the retrieval set. So when the retrieval set is messy the
469
00:38:27,360 –> 00:38:32,240
synthesis is confident nonsense. And when the retrieval set is permission fragmented the synthesis
470
00:38:32,240 –> 00:38:37,040
becomes user fragmented. And when the retrieval set is stale, the synthesis becomes operationally
471
00:38:37,040 –> 00:38:41,600
dangerous. This is why notebooks matter again. They narrow the retrieval universe and keep the source
472
00:38:41,600 –> 00:38:46,400
set explicit. They don’t solve identity, they don’t solve freshness, they don’t solve sprawl, but they
473
00:38:46,400 –> 00:38:51,520
let you design a bounded reasoning environment where Raga has a fighting chance to behave predictably.
474
00:38:51,520 –> 00:38:55,600
And here’s the uncomfortable truth. If you can’t explain why an answer happened you don’t have an
475
00:38:55,600 –> 00:38:59,840
AI system. You have a slot machine with citations, which is why the next section is unavoidable.
476
00:38:59,840 –> 00:39:04,800
The real control plane isn’t the model. It’s Entra. Entra is the real control plane identity
477
00:39:04,800 –> 00:39:09,840
shapes context. Everyone keeps looking for the co-pilot control plane inside co-pilot. It isn’t there.
478
00:39:09,840 –> 00:39:14,320
The real control plane is Entra because Entra decides what co-pilot is even allowed to consider
479
00:39:14,320 –> 00:39:19,200
as context. Not what it answers, what it can see. And that means identity doesn’t just secure
480
00:39:19,200 –> 00:39:23,120
co-pilot. Identity shapes co-pilot’s reality. That distinction matters.
481
00:39:23,120 –> 00:39:30,560
In Microsoft 365, retrieval is authorization filtered. Co-pilot doesn’t retrieve the best answer.
482
00:39:30,560 –> 00:39:34,720
It retrieves the best answer you’re permitted to access at that moment with your current group
483
00:39:34,720 –> 00:39:40,240
memberships, your current link permissions and whatever inheritance chaos, your tenant accumulated
484
00:39:40,240 –> 00:39:44,800
over the last decade. So when leadership asks why did co-pilot tell finance one thing and legal
485
00:39:44,800 –> 00:39:49,280
another? The answer is usually boring. Different users, different graphs, different retrieval sets.
486
00:39:49,280 –> 00:39:53,360
Co-pilot didn’t contradict itself. Your authorization graph did. And the enterprise keeps acting
487
00:39:53,360 –> 00:39:58,720
surprised because it still treats identity like a gate at the front door. Authenticate. Then you’re
488
00:39:58,720 –> 00:40:03,760
inside. That mental model died years ago. Entra is a distributed authorization system. It’s
489
00:40:03,760 –> 00:40:08,720
continuously evaluated. It’s group memberships, conditional access outcomes, app permissions,
490
00:40:08,720 –> 00:40:14,400
share links, external collaboration settings, and the slow erosion of least privilege as urgent
491
00:40:14,400 –> 00:40:19,280
work keeps demanding exceptions. Those exceptions don’t stay isolated. They accumulate.
492
00:40:19,280 –> 00:40:25,600
Permission drift is not a one-time mistake. It’s a structural behavior. Groups expand,
493
00:40:25,600 –> 00:40:31,040
owners change, sites inherit permissions, nobody remembers, and guest access becomes permanent because
494
00:40:31,040 –> 00:40:35,680
we might need them again. Then someone creates a sharing link with anyone with the link because the
495
00:40:35,680 –> 00:40:40,000
vendor couldn’t access the file and the meeting started in two minutes. That single link is an
496
00:40:40,000 –> 00:40:44,400
entropy generator because now the document’s audience is no longer defined by a group with owners
497
00:40:44,400 –> 00:40:48,720
and life cycle. It’s defined by the existence of a URL. And Co-pilot will happily retrieve that
498
00:40:48,720 –> 00:40:53,360
document for anyone who can access it. The link didn’t just share a file. It changed the retrieval
499
00:40:53,360 –> 00:40:58,000
landscape. Now take that to scale. SharePoint inheritance breaks in odd places. Teams create sites
500
00:40:58,000 –> 00:41:02,240
automatically. Loop components get shared and reshare across chats. Users drop files into one
501
00:41:02,240 –> 00:41:07,040
drive and then share them externally with links. Group-based access and link-based access collide.
502
00:41:07,040 –> 00:41:11,280
And nobody has a clean map of who can see what anymore. So ragged scale becomes permission chaos
503
00:41:11,280 –> 00:41:16,400
at scale. This is why Co-pilot notebooks will fix it is the wrong expectation. A shared notebook does
504
00:41:16,400 –> 00:41:22,000
not grant underlying resource access. Notebooks can reference files and pages, but entra still enforces
505
00:41:22,000 –> 00:41:26,880
access to the targets. If someone opens your notebook and half the sources show as inaccessible,
506
00:41:26,880 –> 00:41:31,680
that isn’t a notebook problem. That’s the system telling you the truth. Your team doesn’t share
507
00:41:31,680 –> 00:41:36,160
a common context boundary. And if your team doesn’t share a common boundary, you will never get
508
00:41:36,160 –> 00:41:41,040
consistent answers. You’ll get roll-shaped answers. Which is fine until you pretend they’re enterprise
509
00:41:41,040 –> 00:41:46,160
truth. So entra becomes the real control plane for persistent context because it defines the audience
510
00:41:46,160 –> 00:41:52,160
for truth. If your authoritative policy lives in a site that everyone can read, you better mean
511
00:41:52,160 –> 00:41:56,640
everyone. If it lives in a restricted library, you better accept that many users will never get
512
00:41:56,640 –> 00:42:01,120
that policy as a grounding source. Therefore, Co-pilot will fill the gap with whatever else they can
513
00:42:01,120 –> 00:42:05,680
see. This is where architects have to stop being sentimental about collaboration. Open access
514
00:42:05,680 –> 00:42:10,640
increases reuse, but it also increases blast radius. Restricted access reduces blast radius,
515
00:42:10,640 –> 00:42:15,120
but it also fragments truth. You don’t avoid that trade-off. You choose it, then you design for it.
516
00:42:15,120 –> 00:42:19,120
And the enterprise-friendly way to design for it is to make the truth layer broadly readable
517
00:42:19,120 –> 00:42:23,280
and tightly right-able. Wide-read access, narrow-edit access, formal publishing,
518
00:42:23,280 –> 00:42:27,600
versioning, ownership, that’s not bureaucracy. That’s how you create a stable retrieval anchor
519
00:42:27,600 –> 00:42:32,720
across the tenant without letting content mutate through helpful edits. Then you use PerView
520
00:42:32,720 –> 00:42:37,680
labeling and DLP to constrain sensitive parts of that truth so it doesn’t leak where it shouldn’t.
521
00:42:37,680 –> 00:42:42,880
Identity defines who can see. Labels define what can travel. Together they define the context boundary.
522
00:42:42,880 –> 00:42:46,400
But again, none of this is a co-pilot feature. It’s authorization architecture.
523
00:42:46,400 –> 00:42:50,560
So if you want persistent context to work, you have to stop treating permissions as an afterthought.
524
00:42:50,560 –> 00:42:55,120
You need to manage group sprawl, kill anonymous links, control guest access, and watch inheritance
525
00:42:55,120 –> 00:42:59,440
like it’s a security perimeter because it is. And you need to accept the harsh conclusion.
526
00:42:59,440 –> 00:43:03,120
Co-pilot outcomes are only as consistent as your identity model.
527
00:43:03,120 –> 00:43:05,920
If your entrograph is drifting, your answers will drift.
528
00:43:05,920 –> 00:43:08,880
If your groups are unmanaged, your truth will fragment.
529
00:43:08,880 –> 00:43:12,080
If your sharing links are uncontrolled, your context boundary will dissolve.
530
00:43:12,080 –> 00:43:14,880
That’s why governance can’t attach to user behavior.
531
00:43:14,880 –> 00:43:19,760
It has to attach to the pathways, how content gets created, shared, labeled, and made retrievable.
532
00:43:19,760 –> 00:43:24,480
And that leads directly to the part everyone claims they’ll do later right after the rollout,
533
00:43:24,480 –> 00:43:28,240
right after adoption, right after the next incident. PerView. PerView.
534
00:43:28,240 –> 00:43:32,880
The part everyone claims they’ll do later. PerView is the part of the story where everyone nods,
535
00:43:32,880 –> 00:43:36,880
agrees, and then quietly changes the subject. Because PerView feels like compliance tooling.
536
00:43:36,880 –> 00:43:41,680
And compliance feels like a tax, something to bolt on after the real work of co-pilot adoption,
537
00:43:41,680 –> 00:43:45,520
right after the pilot, right after the excitement, right after the business units,
538
00:43:45,520 –> 00:43:48,080
stop calling it magic. That delay is not neutral.
539
00:43:48,080 –> 00:43:52,160
It’s an architectural choice to let co-pilot operate without a classification model,
540
00:43:52,160 –> 00:43:56,800
without consistent policy signals, and without defensible handling for the outputs it generates.
541
00:43:56,800 –> 00:44:01,040
In other words, you’re asking a probabilistic system to behave responsibly while you postpone
542
00:44:01,040 –> 00:44:05,760
the only machinery you have for expressing responsibility at scale. PerView isn’t a sticker machine,
543
00:44:05,760 –> 00:44:09,840
sensitivity labels aren’t decorative, they’re context constraints, they’re machine-readable
544
00:44:09,840 –> 00:44:14,320
signals that say this content has a handling requirement, a sharing boundary, and sometimes an
545
00:44:14,320 –> 00:44:19,040
encryption boundary. When labels exist and are applied consistently, co-pilot doesn’t just
546
00:44:19,040 –> 00:44:24,480
see documents. It sees documents with guardrails attached. That’s the point. Without those signals,
547
00:44:24,480 –> 00:44:29,200
co-pilot retrieves across a flat content universe. Everything looks the same, so the model ranks by
548
00:44:29,200 –> 00:44:33,840
relevant signals and produces an answer. And if the answer includes sensitive content,
549
00:44:33,840 –> 00:44:38,640
you’re now relying on the user to notice and behave. That’s not governance, that’s wishful thinking.
550
00:44:38,640 –> 00:44:44,160
This is also where people confuse enforcement with awareness. A label taxonomy, without policy,
551
00:44:44,160 –> 00:44:49,680
is just a vocabulary lesson. The enterprise needs labels to drive behaviors, default labeling,
552
00:44:49,680 –> 00:44:55,040
mandatory labeling, restrictions on sharing, and downstream controls, like DLP. Otherwise,
553
00:44:55,040 –> 00:44:59,120
you’ve built a classification scheme that exists purely for reporting dashboards, no one reads.
554
00:44:59,120 –> 00:45:03,920
And DLP is where the later excuse becomes expensive. DLP is not there to punish users. It’s there
555
00:45:03,920 –> 00:45:10,000
to prevent predictable failure modes, pasting regulated data into the wrong place. Sharing a summary
556
00:45:10,000 –> 00:45:15,920
that includes PII with the wrong audience, or taking an AI-generated artifact and distributing it
557
00:45:15,920 –> 00:45:21,920
as if it’s clean. Co-pilot accelerates creation. DLP becomes the seatbelt. You don’t install seatbelts
558
00:45:21,920 –> 00:45:27,040
after the crash. Now, add inside-a-risk organizations pretend inside-a-risk is only about malicious
559
00:45:27,040 –> 00:45:32,800
actors. It’s not. It’s also about high-velocity accidents. Someone pressure to deliver using co-pilot
560
00:45:32,800 –> 00:45:37,680
to synthesize data and then moving it to an unmanaged location because it’s just a draft.
561
00:45:37,680 –> 00:45:42,640
Co-pilot didn’t leak data by itself. Your workflow did. Inside-a-risk management exists to
562
00:45:42,640 –> 00:45:47,360
detect those patterns and put friction where it matters. Then there’s lineage and e-discovery.
563
00:45:47,360 –> 00:45:51,680
The part nobody wants to talk about because it turns AI-assistant into records problem.
564
00:45:51,680 –> 00:45:56,720
Co-pilot outputs are not ephemeral by default. They get copied into emails. They get pasted into decks.
565
00:45:56,720 –> 00:46:01,120
They get turned into loop pages. They become briefs, decisions, risk registers, and guidance.
566
00:46:01,120 –> 00:46:05,040
Those artifacts influence outcomes. That means they become discoverable evidence in
567
00:46:05,040 –> 00:46:09,920
audits, investigations, and litigation. If you can’t trace what sources shape them and what labels
568
00:46:09,920 –> 00:46:14,720
govern them, you didn’t just lose accountability. You lost defensibility. This is why Perview has
569
00:46:14,720 –> 00:46:18,960
to be treated as part of the co-pilot architecture, not as a compliance phase. Perview is how you
570
00:46:18,960 –> 00:46:23,280
attach governance to content pathways. The inputs you retrieve, the outputs you generate,
571
00:46:23,280 –> 00:46:28,000
and the places those outputs travel. And yes, there’s a catch. Perview can’t compensate for missing
572
00:46:28,000 –> 00:46:32,720
authority. It can constrain data movement. It can apply labels. It can enforce retention. But it
573
00:46:32,720 –> 00:46:37,440
cannot decide which document is true when your tenant has five contradictory versions. That’s
574
00:46:37,440 –> 00:46:41,600
still a context engineering problem. So the correct mental model is Perview constraints the boundary
575
00:46:41,600 –> 00:46:46,880
conditions, not the reasoning quality. It reduces blast radius. It increases auditability.
576
00:46:46,880 –> 00:46:51,760
It makes outputs and sources governable. And it gives leadership something they always ask for,
577
00:46:51,760 –> 00:46:56,800
once the first incident happens. Proof that the system respected handling requirements.
578
00:46:56,800 –> 00:47:01,200
Proof that sensitive outputs didn’t travel where they shouldn’t. Proof that decisions have
579
00:47:01,200 –> 00:47:05,520
receipts, not just polished prose. So when people say we’ll do Perview later, what they mean is
580
00:47:05,520 –> 00:47:09,520
we’ll accept uncontrolled context now and we’ll deal with the consequences when the consequences
581
00:47:09,520 –> 00:47:14,560
become visible. The platform will allow that. The auditors will not. Next, this has to connect back
582
00:47:14,560 –> 00:47:18,560
to patterns, not tools, because the point isn’t to memorize Perview features. The point is to
583
00:47:18,560 –> 00:47:23,360
understand the persistent context triad Microsoft is quietly assembling. Personal capture,
584
00:47:23,360 –> 00:47:30,480
collaborative synthesis, and managed reasoning. The persistent context triad, one note, pages,
585
00:47:30,480 –> 00:47:36,000
notebook. Microsoft is quietly building a triad for persistent context and most enterprises will
586
00:47:36,000 –> 00:47:41,280
misuse all three parts because they’ll treat them as interchangeable note taking with AI. They’re not,
587
00:47:41,280 –> 00:47:46,000
these containers behave differently, degrade differently, and govern differently. One note pages
588
00:47:46,000 –> 00:47:50,800
and notebooks. If you don’t assign each one a role, your context strategy turns into a scavenger hunt
589
00:47:50,800 –> 00:47:55,920
across apps and nobody can explain which artifact actually matters. One note is personal capture,
590
00:47:55,920 –> 00:48:01,840
fast, low friction, high convenience, and therefore low defensibility. It’s where fragments live,
591
00:48:01,840 –> 00:48:07,120
meeting notes, screenshots, half ideas and drafts. It should stay personal and mostly ephemeral.
592
00:48:07,120 –> 00:48:12,480
The moment a team treats one note as the system of record, you’ve outsourced enterprise truth
593
00:48:12,480 –> 00:48:18,000
to an individual’s private workspace and a life cycle you don’t control. Pages, loop pages,
594
00:48:18,000 –> 00:48:23,760
are collaborative synthesis. They turn messy thinking into something humans can consume,
595
00:48:23,760 –> 00:48:29,280
a brief, a checklist, a risk table, a plan. Pages feel official because they’re tidy, but tidy is not
596
00:48:29,280 –> 00:48:34,960
approved. If a page becomes decision driving, it needs ownership, control change, and review cadence.
597
00:48:34,960 –> 00:48:39,600
Otherwise, it’s just a nicer wiki and wiki’s decay into confident ambiguity. Notebooks are
598
00:48:39,600 –> 00:48:44,960
curated reasoning environments. They bind sources and intent into a repeatable context scope,
599
00:48:44,960 –> 00:48:49,200
so co-pilot can produce outputs that are traceable and consistent inside a domain. Notebooks don’t
600
00:48:49,200 –> 00:48:54,640
replace pages. They feed pages. The notebook is where you constrain the retrieval universe. The
601
00:48:54,640 –> 00:48:58,960
page is what you publish when you want others to consume the result, so the flow is simple. One
602
00:48:58,960 –> 00:49:04,160
note captures notebooks constrain, pages communicate, and when something becomes enterprise truth,
603
00:49:04,160 –> 00:49:08,800
policy, standards, operating procedures, it needs to live in an authoritative publishing model
604
00:49:08,800 –> 00:49:12,880
with governance semantics attached. None of these three containers are your policy engine,
605
00:49:12,880 –> 00:49:18,800
their context surfaces. Next, the practical checklist. How to decide what must be persistent and
606
00:49:18,800 –> 00:49:24,480
what must be allowed to die. The context design, checklist, persistent versus ephemera.
607
00:49:24,480 –> 00:49:29,120
The next mistake is assuming everything should be captured because AI is here now. That’s how tenants
608
00:49:29,120 –> 00:49:34,480
turn into landfills with search bars. So the first checklist item is brutally simple. Decide what
609
00:49:34,480 –> 00:49:39,200
is allowed to die. Ephemeral context is the stuff that helps you think, negotiate, and explore,
610
00:49:39,200 –> 00:49:44,320
but shouldn’t become part of the enterprise memory. Brainstorming, half-formed options, draft
611
00:49:44,320 –> 00:49:51,280
language. What if we, conversations, early-risk spikes that get resolved? Political compromise
612
00:49:51,280 –> 00:49:57,040
notes that were true for one meeting and toxic forever after. Most teams chat. Most meeting chatter.
613
00:49:57,040 –> 00:50:02,080
Most whiteboard captures. Ephemeral is not worthless. It’s just not an asset. It’s a consumable
614
00:50:02,080 –> 00:50:07,920
input to get to a decision. And if you persisted by default, Copilot will retrieve it later and
615
00:50:07,920 –> 00:50:12,000
treat it as if it still matters. That’s how yesterday’s uncertainty becomes today’s guidance.
616
00:50:12,000 –> 00:50:16,960
Persistent context is different. Persistent means this content is expected to influence decisions
617
00:50:16,960 –> 00:50:22,400
later and the enterprise is willing to be accountable for it. Policies, standards, architectural
618
00:50:22,400 –> 00:50:28,480
decisions, operating procedures, approved templates, vendor onboarding rules, security baselines,
619
00:50:28,480 –> 00:50:33,280
financial assumptions used in planning, anything that becomes a reference point for why did we do it
620
00:50:33,280 –> 00:50:39,520
this way? Here’s the litmus test. If someone will ask who approved this, it needs persistence, not
621
00:50:39,520 –> 00:50:44,720
save the file somewhere. Persistence with ownership, life cycle and a place in the authority hierarchy.
622
00:50:44,720 –> 00:50:51,120
Now, leaders love to skip this and say, just put it all in a notebook. No. A notebook is not a garbage
623
00:50:51,120 –> 00:50:55,280
compactor. It’s a bounded reasoning environment. If you treat it like a dumping ground, you are
624
00:50:55,280 –> 00:51:00,400
literally curating your own future hallucinations. You’re building a retrieval corpus that contains
625
00:51:00,400 –> 00:51:04,960
contradictions, drafts and opinions, then acting surprised when Copilot synthesizes them into
626
00:51:04,960 –> 00:51:11,200
something that sounds official, so apply the split. Ephemeral use cases, ideation sessions,
627
00:51:11,200 –> 00:51:17,760
negotiation prep, exploratory Q&A, meeting catch-up, quick comparisons, draft emails, give me options,
628
00:51:17,760 –> 00:51:22,480
summarize this thread, what did we decide last week when the decision isn’t actually recorded
629
00:51:22,480 –> 00:51:26,960
anywhere else? This is Copilot chat territory. It’s fast, it’s disposable, it should not become
630
00:51:26,960 –> 00:51:31,600
the enterprise’s memory. Persistent use cases, anything that changes how people operate.
631
00:51:31,600 –> 00:51:36,640
That includes what’s the correct label and why? Are we allowed to share this externally?
632
00:51:36,640 –> 00:51:41,840
What’s the approved process? What is the standard build? What are the non-negotiable controls?
633
00:51:41,840 –> 00:51:46,800
What does confidential mean here? What is the current vendor stance? What is the architecture
634
00:51:46,800 –> 00:51:52,080
decision and its rationale? These questions aren’t about productivity. They’re about governance and
635
00:51:52,080 –> 00:51:56,480
repeatability. They deserve a persistent context container, whether that’s a notebook bound to
636
00:51:56,480 –> 00:52:01,360
authoritative sources or a published knowledge base or a formal policy artifact. Now the uncomfortable
637
00:52:01,360 –> 00:52:05,760
rule that actually holds, if it changes decisions later, it needs persistence and ownership,
638
00:52:05,760 –> 00:52:10,880
not because it’s important, because it’s a decision input. And in an AI assisted enterprise,
639
00:52:10,880 –> 00:52:15,760
decision inputs are part of the control plane. This is also how you stop wasting effort on pointless
640
00:52:15,760 –> 00:52:20,080
documentation. People document too much when they don’t know what counts. If you define the
641
00:52:20,080 –> 00:52:24,640
persistent set, you can let everything else stay ephemeral and stop pretending every meeting
642
00:52:24,640 –> 00:52:29,440
note is corporate memory. Most meeting notes are not knowledge. They are transaction logs for
643
00:52:29,440 –> 00:52:34,000
humans, useful in the moment, dangerous as future truth. So what does this look like in practice?
644
00:52:34,000 –> 00:52:38,880
If you’re creating a notebook for a program, don’t start by dumping your last 50 files into it.
645
00:52:38,880 –> 00:52:43,600
Start by declaring, what decisions is this notebook allowed to influence?
646
00:52:43,600 –> 00:52:48,320
If the answer is all of them, you’ve already failed. Define the decision domain. Then collect the
647
00:52:48,320 –> 00:52:52,320
smallest set of authoritative sources that govern that domain, then capture the outputs that
648
00:52:52,320 –> 00:52:56,160
become decision records. Everything else stays outside. If you’re building a page, treat it as a
649
00:52:56,160 –> 00:53:01,200
publication surface, not a scratch pad. Pages can be persistent artifacts, but only if you decide
650
00:53:01,200 –> 00:53:06,400
they are. If the page drives decisions, it needs an owner and a review date. If it doesn’t stop
651
00:53:06,400 –> 00:53:11,440
treating it like a living standard, if you’re using one note, keep it personal and ephemeral by default.
652
00:53:11,440 –> 00:53:15,600
Promote only what matters. Otherwise, you’ll create a parallel knowledge system that nobody can
653
00:53:15,600 –> 00:53:20,720
govern. And yes, this also applies to AI outputs. An AI generated summary is ephemeral until you make
654
00:53:20,720 –> 00:53:25,360
it persistent. The moment you paste it into a standard, a brief, a policy draft or an operating
655
00:53:25,360 –> 00:53:29,680
procedure, it becomes part of the enterprise memory and it must inherit governance. That means
656
00:53:29,680 –> 00:53:34,560
labeling, traceability, and review like any other decision artifact. Persistence is not a storage
657
00:53:34,560 –> 00:53:39,040
decision. It’s an accountability decision. And once you get the split right, you unlock the next
658
00:53:39,040 –> 00:53:43,600
constraint. Persistence without boundaries is just a bigger surface area for wrong answers.
659
00:53:43,600 –> 00:53:48,240
The context design checklist, boundaries, and constraints. Once you decide something
660
00:53:48,240 –> 00:53:52,880
deserves persistence, the next failure is assuming persistence automatically creates reliability.
661
00:53:52,880 –> 00:53:57,120
It doesn’t. Persistence just makes the wrong thing available for longer. So the next checklist item
662
00:53:57,120 –> 00:54:02,640
is boundaries. Not vibes, not be careful. Boundaries that the system can follow and humans can audit.
663
00:54:02,640 –> 00:54:07,440
A notebook without boundaries becomes a multi-tenant junk drawer. It answers whatever you ask,
664
00:54:07,440 –> 00:54:11,760
from whatever it can reach, in whatever format feels convenient that day. That is just chat sprawl
665
00:54:11,760 –> 00:54:17,200
with a nicer sidebar. So define the question space first. Every notebook needs a one sentence charter.
666
00:54:17,200 –> 00:54:22,160
What it is allowed to answer, for whom, and in what operational domain. This notebook answers
667
00:54:22,160 –> 00:54:26,080
questions about third-party vendor onboarding requirements for our EU operations.
668
00:54:26,080 –> 00:54:31,440
This notebook produces security exception assessments for endpoint configuration controls.
669
00:54:31,440 –> 00:54:36,640
This notebook generates weekly program risk briefs for program X. That sentence is not documentation.
670
00:54:36,640 –> 00:54:41,920
It’s scope control because scope is how you stop the notebook becoming the place people ask everything
671
00:54:41,920 –> 00:54:47,840
then blame the platform when answers get fuzzy. Next, define exclusions explicitly. This is where the
672
00:54:47,840 –> 00:54:53,040
enterprise stops pretending AI is a colleague with judgment. It isn’t. It’s a synthesis engine.
673
00:54:53,040 –> 00:54:57,840
If you don’t tell it what not to do, it will happily step into legal advice, HR interpretation,
674
00:54:57,840 –> 00:55:02,080
or just tell me what we can get away with. Territory. And it will do it in confident
675
00:55:02,080 –> 00:55:07,200
prose that looks like authority. So exclusions have to be written like refusal rules. This notebook
676
00:55:07,200 –> 00:55:11,920
must refuse to answer questions that require legal interpretation beyond the cited policy text.
677
00:55:11,920 –> 00:55:15,840
This notebook must refuse to recommend data handling decisions without referencing labeled
678
00:55:15,840 –> 00:55:20,560
policy sources. This notebook must escalate to security when a requested action involves
679
00:55:20,560 –> 00:55:25,600
external sharing of sensitive data. Refusal is not rudeness, it’s control. Then define an authority
680
00:55:25,600 –> 00:55:30,320
hierarchy, not in a PowerPoint, in the notebooks persistent instructions when sources conflict what
681
00:55:30,320 –> 00:55:35,440
wins. Published policy beats guidance. Guidance beats draft notes. Signed contract beats email
682
00:55:35,440 –> 00:55:40,160
summary. A labeled standard beats an unlabeled deck. If you don’t encode this hierarchy,
683
00:55:40,160 –> 00:55:44,160
the retrieval engine will treat the thing that matches the prompt as the winner. That’s how
684
00:55:44,160 –> 00:55:48,320
keyword density becomes governance. And yes, this is where some leaders get uncomfortable because
685
00:55:48,320 –> 00:55:53,280
it forces you to admit that we have multiple truths is not a cultural nuance. It’s operational
686
00:55:53,280 –> 00:55:59,440
debt. Now add format constraints because format is not aesthetics. Format is how outputs become
687
00:55:59,440 –> 00:56:03,840
usable artifacts instead of chat sludge. If the notebook exists to produce decisions,
688
00:56:03,840 –> 00:56:09,280
then the output format must be decision-shaped. Not a helpful paragraph. So choose the outputs you
689
00:56:09,280 –> 00:56:15,280
will allow. Decision memo with sections, question, constraints, sources used, recommendation,
690
00:56:15,280 –> 00:56:20,320
risks and escalation required. Risk register entry with fields, risk description,
691
00:56:20,320 –> 00:56:26,160
likelihood, impact, mitigation, owner and review date. Executive brief with top three points what
692
00:56:26,160 –> 00:56:31,120
changed since last time open decisions and next actions. If the output matters, the structure is
693
00:56:31,120 –> 00:56:36,000
part of the control plane. Structure forces the model to expose gaps, missing sources,
694
00:56:36,000 –> 00:56:40,880
missing assumptions, missing owners, unstructured pros hides those gaps. Then define the constraint
695
00:56:40,880 –> 00:56:45,680
behaviors when the notebook can’t find authoritative sources. This is where most implementations fail
696
00:56:45,680 –> 00:56:50,240
because they assume the system will try harder. No, the system will fill gaps. So the instruction
697
00:56:50,240 –> 00:56:54,560
has to be explicit. If authoritative sources are missing, the notebook must say so, list what it
698
00:56:54,560 –> 00:56:59,040
searched within its source set and recommend where the missing truth should live. That turns
699
00:56:59,040 –> 00:57:03,760
failure into a governance signal instead of a hallucination. Now the practical part, boundaries
700
00:57:03,760 –> 00:57:07,680
aren’t only about what the notebook answers, they’re about what it is allowed to touch. A notebook
701
00:57:07,680 –> 00:57:11,680
should not be allowed to reference everything you can find. As that’s just a denial of service
702
00:57:11,680 –> 00:57:16,320
attack on relevance, it needs a maintained source set with purposeful inclusion and purposeful
703
00:57:16,320 –> 00:57:20,560
exclusion. And the source set should be small enough that someone can review it without a
704
00:57:20,560 –> 00:57:25,600
spreadsheet and a prayer. Because boundaries only work when ownership exists. If the source set can
705
00:57:25,600 –> 00:57:31,520
grow without pruning, your constraint model is temporary. It will erode. Always. And if the
706
00:57:31,520 –> 00:57:36,080
instructions can be edited by anyone, your boundary model becomes political, it will drift toward
707
00:57:36,080 –> 00:57:42,800
convenience. Always. So the checklist item isn’t add constraints. It’s treat constraints as configuration
708
00:57:42,800 –> 00:57:47,840
version them, review them, own them, test them. Because the moment you rely on informal discipline,
709
00:57:47,840 –> 00:57:52,160
you’re back to the original problem, humans compensating for missing architecture. Next,
710
00:57:52,160 –> 00:57:56,960
once boundaries exist, you still need the boring mechanics that make boundaries enforceable over time.
711
00:57:56,960 –> 00:58:02,400
Curated sources, taxonomy and the elimination of duplicates. The context design checklist.
712
00:58:02,400 –> 00:58:08,720
Source curation and taxonomy. Source curation is where most co-pilot strategies quietly die,
713
00:58:08,720 –> 00:58:12,560
because it forces the enterprise to answer a question it has avoided for years.
714
00:58:12,560 –> 00:58:18,480
Which artifacts are allowed to be treated as truth? Not useful, not popular, truth.
715
00:58:19,600 –> 00:58:23,440
If you don’t curate the source set, you are delegating authority to the ranking algorithm.
716
00:58:23,440 –> 00:58:27,360
And the ranking algorithm doesn’t know what your compliance team meant. It knows what it can
717
00:58:27,360 –> 00:58:32,320
retrieve. So start small. Minimum viable source set, high authority, high signal, low volume.
718
00:58:32,320 –> 00:58:37,760
Pick the artifacts that already have controlled change, explicit ownership and predictable semantics.
719
00:58:37,760 –> 00:58:42,720
Published policies approved standards, canonical decision records maintained operating procedures.
720
00:58:42,720 –> 00:58:48,080
Then stop, because just add one more folder is how you turn a bounded reasoning environment into soup.
721
00:58:48,080 –> 00:58:54,480
Curate by category, authoritative sources, decision inputs. Few, stable, governed.
722
00:58:54,480 –> 00:58:59,840
Interpretive guidance, how the policy is applied. Useful, but must cite the authoritative layer and
723
00:58:59,840 –> 00:59:05,920
declare scope. Operational artifacts, status decks, meeting notes, tickets, retros, contextual,
724
00:59:05,920 –> 00:59:10,320
but not allowed to override policy. If you let these compete with authoritative sources,
725
00:59:10,320 –> 00:59:15,760
they’ll win on recency and volume. Now add minimal taxonomy, so curation survives turnover
726
00:59:15,760 –> 00:59:21,200
and can be audited. Every truth source needs a clear title, a one sentence purpose.
727
00:59:21,200 –> 00:59:27,280
What decisions does this control? And and lifecycle markers. Owner last reviewed next review.
728
00:59:27,280 –> 00:59:32,640
Without those it can exist, but it shouldn’t be treated as authoritative in an AI reasoning environment.
729
00:59:32,640 –> 00:59:38,720
Finally, prefer links over copies. Copy creates version drift. References preserve a single update path,
730
00:59:38,720 –> 00:59:42,800
assuming the underlying source is actually maintained. If people need a short version,
731
00:59:42,800 –> 00:59:47,760
make it a governed derivative with explicit lineage, not an orphaned paraphrase in someone’s one drive.
732
00:59:47,760 –> 00:59:53,760
Next, even a perfect curated set fails if nobody owns it. The context design checklist,
733
00:59:53,760 –> 00:59:58,800
ownership, change control and review cadence. Ownership is where most context strategies collapse,
734
00:59:58,800 –> 01:00:04,000
because everyone can contribute sounds collaborative, but it usually means nobody is accountable.
735
01:00:04,000 –> 01:00:08,800
A context container that influences decisions needs a product owner, a role responsible for
736
01:00:08,800 –> 01:00:13,120
the correctness of the source set and the instructions that govern how co-pilot uses it.
737
01:00:13,120 –> 01:00:17,760
Not a distribution list, not a community maintained wiki pattern. A named function with authority
738
01:00:17,760 –> 01:00:22,480
to reject additions, remove sources and resolve conflicts. Now add change control,
739
01:00:22,480 –> 01:00:27,520
or your curated context becomes a slow motion edit war. Treat context like code,
740
01:00:27,520 –> 01:00:32,160
small changes can have disproportionate impact and unreviewed changes accumulate until behavior
741
01:00:32,160 –> 01:00:38,560
becomes unpredictable. Keep it simple. Intake. How new sources and instruction changes
742
01:00:38,560 –> 01:00:43,280
are proposed with a stated purpose and owner. Review. Enforce your authority gradient policy
743
01:00:43,280 –> 01:00:48,400
versus guidance versus operational artifacts and reject anything that can’t justify why it belongs.
744
01:00:48,400 –> 01:00:53,520
Publication, version the notebook instructions and log source set changes, so why did the answer change
745
01:00:53,520 –> 01:01:00,160
has a real answer? Then the part leaders avoid. Review cadence. Set and forget become set and regret.
746
01:01:00,160 –> 01:01:05,280
High-risk domains need frequent review because stailness is a decision risk, not a content quality issue,
747
01:01:05,280 –> 01:01:09,840
and you need event triggers, not just calendar rituals, policy updates, regulatory changes,
748
01:01:09,840 –> 01:01:15,520
or g reogs, major incidents, spikes and corrections. Those triggers force revalidation before drift
749
01:01:15,520 –> 01:01:19,280
becomes normal. Persistent context isn’t a storage problem, it’s a stewardship model.
750
01:01:19,280 –> 01:01:23,520
Next, if you want trust, you need outputs that behave like decision records,
751
01:01:23,520 –> 01:01:28,480
from answers to receipts, traceability as the adoption engine. This is the point where co-pilot
752
01:01:28,480 –> 01:01:32,880
adoption stops being a training problem and becomes a trust problem. Executives don’t reject
753
01:01:32,880 –> 01:01:37,440
co-pilot because it’s slow, they reject it because it can’t defend itself. The first time an AI
754
01:01:37,440 –> 01:01:42,640
assisted brief goes to a steering committee and someone asks, where did that come from? The room goes
755
01:01:42,640 –> 01:01:47,920
quiet. Not because the answer is impossible, because nobody built the workflow to produce evidence
756
01:01:47,920 –> 01:01:53,520
alongside the pros. That’s the real adoption engine. Receipts. A good answer is nice, a traceable answer
757
01:01:53,520 –> 01:01:59,680
is usable, and in an enterprise usable means it can survive review, audit, and blame, so traceability
758
01:01:59,680 –> 01:02:04,240
isn’t an enhancement, it’s the price of entry, the system needs to produce outputs that behave like
759
01:02:04,240 –> 01:02:09,440
decision records, what sources shape the answer, what assumptions were made, what constraints were
760
01:02:09,440 –> 01:02:14,000
applied, and what the model could not verify. Not a dissertation, just enough structure that a
761
01:02:14,000 –> 01:02:18,320
human can check the chain of truth without re-running the whole investigation. Here’s the uncomfortable
762
01:02:18,320 –> 01:02:22,880
truth, people keep trying to make co-pilot sound confident because confidence sells, but confidence
763
01:02:22,880 –> 01:02:27,920
without citations is just a faster way to ship misinformation through the org chart. That distinction
764
01:02:27,920 –> 01:02:33,120
matters. When a notebook is designed correctly, it can produce an answer and show its work,
765
01:02:33,120 –> 01:02:37,440
links to the authoritative sources in the curated set, the relevant sections, and the boundary
766
01:02:37,440 –> 01:02:41,920
conditions that were applied. It’s not perfect observability, but it’s a defensible artifact,
767
01:02:41,920 –> 01:02:46,880
and defensible artifacts change behavior, because now the executive doesn’t have to trust the AI.
768
01:02:46,880 –> 01:02:52,720
They can trust the process. The answer is grounded in a known corpus, produced under known constraints,
769
01:02:52,720 –> 01:02:56,960
and reviewable by the people who already own risk. That’s how adoption actually happens, not
770
01:02:56,960 –> 01:03:01,680
by getting users excited, but by making governance comfortable. Now connect that back to notebooks,
771
01:03:01,680 –> 01:03:05,680
because this is where most people miss the whole point. Notebooks aren’t about producing
772
01:03:05,680 –> 01:03:10,480
prettier answers. They’re about producing repeatable decisions. A notebook with curated sources
773
01:03:10,480 –> 01:03:15,280
and persistent intent can generate the same type of output every week. The same format, the same
774
01:03:15,280 –> 01:03:20,400
authority hierarchy, the same refusal behaviors, the same citation pattern, that creates a stable
775
01:03:20,400 –> 01:03:25,760
operating rhythm, and executives love rhythm, because rhythm is predictability. This is also why outputs
776
01:03:25,760 –> 01:03:30,560
are the third layer of context engineering. If outputs aren’t captured as artifacts, the organization
777
01:03:30,560 –> 01:03:35,440
can’t learn. Every question gets asked again. Every decision gets relitigated. Every meeting becomes
778
01:03:35,440 –> 01:03:40,480
an archaeological dig through chat logs and half-remembered summaries, receipts, and that cycle.
779
01:03:40,480 –> 01:03:46,000
And this is where the micro behavior matters. Stopletting answers die in chat. If a copilot output
780
01:03:46,000 –> 01:03:51,600
influence the decision, it needs to graduate into a persistent artifact, a loop page, a memo,
781
01:03:51,600 –> 01:03:57,040
a ticket comment, an architecture decision record, a risk entry, something with a life cycle.
782
01:03:57,040 –> 01:04:01,600
Chat is where the thinking happens. The artifact is where the organization remembers. That’s also
783
01:04:01,600 –> 01:04:06,160
how you start measuring quality without pretending you can measure AI correctness directly.
784
01:04:06,160 –> 01:04:11,200
If the output is an artifact, it can be reviewed. It can be sampled. It can be corrected. It can be
785
01:04:11,200 –> 01:04:16,720
compared to source changes, and it can be audited when someone inevitably asks, why did we approve this?
786
01:04:16,720 –> 01:04:22,400
Now traceability also solves a problem leaders don’t articulate well. Decision latency. When people
787
01:04:22,400 –> 01:04:26,720
don’t trust the provenance of information, they slow down. They ask for more meetings, they ask for
788
01:04:26,720 –> 01:04:31,120
more approvals, they ask for just one more review that not because they love process but because they
789
01:04:31,120 –> 01:04:36,320
can’t tell what’s real. Receipts shrink that latency. If the output includes citations and an explicit
790
01:04:36,320 –> 01:04:41,760
assumption list, reviewers can focus on the actual disagreement, not on reconstructing the context.
791
01:04:41,760 –> 01:04:46,480
And that’s the economic benefit. Nobody markets properly. Copilot doesn’t save time because it writes
792
01:04:46,480 –> 01:04:51,760
faster. It saves time when it reduces rework and revalidation. Now one more constraint.
793
01:04:51,760 –> 01:04:56,720
Receipts have to be shaped like your governance model, not like a generic AI response.
794
01:04:56,720 –> 01:05:00,880
If you need to defend a recommendation, the output should include sources used,
795
01:05:00,880 –> 01:05:05,440
policy implications, risk notes and escalation triggers. If you need an operating procedure,
796
01:05:05,440 –> 01:05:10,560
the output should include step sequence preconditions exceptions and owner. If you need an executive
797
01:05:10,560 –> 01:05:15,840
brief, the output should include what changed, what matters, and what decision is required. When
798
01:05:15,840 –> 01:05:21,120
outputs have stable structure, people stop arguing about formatting and start arguing about substance.
799
01:05:21,120 –> 01:05:25,200
That’s when the system becomes a tool instead of a novelty. So the adoption engine isn’t prompt
800
01:05:25,200 –> 01:05:29,680
training. It’s building a workflow where copilot outputs leave a paper trail. And once you start
801
01:05:29,680 –> 01:05:34,640
demanding receipts, a lot of the earlier problems become visible immediately. Missing authoritative
802
01:05:34,640 –> 01:05:40,320
sources, stale content, permission fragmentation and unlabeled artifacts that shouldn’t be traveling.
803
01:05:40,320 –> 01:05:44,960
Good. Visibility is how you pay down governance debt. Now the story has to move from reasoning to action
804
01:05:44,960 –> 01:05:49,360
because the moment the enterprise trusts the output, it will try to automate the outcome.
805
01:05:49,360 –> 01:05:56,480
When copilot stops talking and starts doing power platform plus service. Now this is where
806
01:05:56,480 –> 01:06:00,640
the enterprise gets reckless. The moment copilot outputs look credible, someone says great,
807
01:06:00,640 –> 01:06:05,280
can we automate that? That’s how you cross the line from drafting words to changing state.
808
01:06:05,280 –> 01:06:11,440
Tickets, approvals, access, vendor onboarding, notifications, workflows. Automation doesn’t
809
01:06:11,440 –> 01:06:16,000
make weak context less risky. It makes it executable. So the handoff must be explicit copilot
810
01:06:16,000 –> 01:06:21,920
proposes power platform orchestrates service. Now records and governs. If you let a good answer become
811
01:06:21,920 –> 01:06:28,000
an automatic action, you’re not adopting AI, your scaling mistakes. Use a boring pattern on purpose.
812
01:06:28,000 –> 01:06:35,040
Event, reasoning, orchestration, audit trail, event, a request arrives through an existing workflow
813
01:06:35,040 –> 01:06:40,560
entry point reasoning copilot produces a structured recommendation with receipts, policy source,
814
01:06:40,560 –> 01:06:44,080
constraints, risk notes, what’s missing and escalation flags.
815
01:06:44,080 –> 01:06:49,760
Orchestration, power platform or service, now runs only if the output meets a contract,
816
01:06:49,760 –> 01:06:54,880
required fields present, citations included, labeling constraints, satisfied escalation respected,
817
01:06:54,880 –> 01:06:59,120
no contract, no action. Audit trail, the ticket change record includes the references
818
01:06:59,120 –> 01:07:03,360
and the decision rationale, not for theatre, for post-incident survival.
819
01:07:03,360 –> 01:07:07,280
And remember the part that matters more as you automate, identity.
820
01:07:07,280 –> 01:07:11,200
Flow’s runner, someone, user, connector, managed identity, service, principle.
821
01:07:11,200 –> 01:07:15,040
If that identity is broad, you’ve turned a chat UI into a privileged actuator.
822
01:07:15,040 –> 01:07:19,680
Leased privilege stops being a slogan the first time an automated flow moves data where it shouldn’t.
823
01:07:19,680 –> 01:07:25,280
So the system law holds, intent must be enforced by design, contracts,
824
01:07:25,280 –> 01:07:29,120
validations and permission boundaries. Not by, please be careful.
825
01:07:29,120 –> 01:07:35,920
KPIs that actually matter, quality, cost and control.
826
01:07:35,920 –> 01:07:38,800
Most co-pilot programs measure adoption, not outcomes.
827
01:07:38,800 –> 01:07:43,040
Adoption is a vanity metric, it tells you people click the button, it doesn’t tell you the answers
828
01:07:43,040 –> 01:07:48,720
were reliable or defensible. So measure three things, quality, cost and control.
829
01:07:48,720 –> 01:07:53,920
Quality, stop tracking helpful. Track failure in high-risk domains,
830
01:07:53,920 –> 01:07:58,640
sample outputs weekly and review them like change requests, correct authoritative grounding,
831
01:07:58,640 –> 01:08:02,000
correct constraints, correct refusal behavior, correct citations.
832
01:08:02,000 –> 01:08:05,360
When failure rises is not the model getting worse, it’s your context drifting,
833
01:08:05,360 –> 01:08:08,880
then track rework. If humans routinely rewrite outputs before they can be used,
834
01:08:08,880 –> 01:08:12,080
you didn’t save time, you moved effort into AI assisted editing.
835
01:08:12,080 –> 01:08:18,240
Simple artifact feedback, used as is edited, discarded, tells you whether your context design is
836
01:08:18,240 –> 01:08:24,720
improving. Cost, co-pilot is not just a license. The hidden text is entropy, storage growth,
837
01:08:24,720 –> 01:08:28,800
duplicate artifacts and the operational drag of people recreating work because they can’t
838
01:08:28,800 –> 01:08:34,000
trust what exists. Track growth of unlabeled content in critical domains, growth of policy like
839
01:08:34,000 –> 01:08:39,680
duplicates and abandoned workspaces that keep feeding retrieval noise. Control, measure the health
840
01:08:39,680 –> 01:08:45,120
of the control plane signals that shape retrieval and handling, labeling coverage and consistency,
841
01:08:45,120 –> 01:08:51,600
purview, low coverage means flat context and higher blast radius. Permission drift,
842
01:08:51,600 –> 01:08:58,560
entra, unmanaged groups, anonymous links, guests sprawl. Driftup means answers fragment and truth
843
01:08:58,560 –> 01:09:05,360
diverges. Freshness, SLAs for curated sources. If truth hasn’t been reviewed, it’s not truth.
844
01:09:05,360 –> 01:09:09,840
It’s historical storage and the KPI leadership actually cares about decision cycle time,
845
01:09:09,840 –> 01:09:14,000
not time to prompt, time to decision. When persistent context and receipts work,
846
01:09:14,000 –> 01:09:18,560
latency drops because teams stop relitigating the same ambiguity. If you can’t measure these,
847
01:09:18,560 –> 01:09:23,520
you don’t have a co-pilot strategy, you have a UI rollout. The only rule that holds,
848
01:09:23,520 –> 01:09:28,240
prompting isn’t strategy. Persistent context is the control plane that makes co-pilot outcomes
849
01:09:28,240 –> 01:09:32,880
reliable, governable and defensible. If you want the next step, watch the episode on designing
850
01:09:32,880 –> 01:09:38,000
authoritative truth placement in Microsoft 365, policy, guidance and discussion don’t belong
851
01:09:38,000 –> 01:09:42,800
in the same container. Subscribe if you want fewer co-pilot demos and more architectural receipts
852
01:09:42,800 –> 01:09:47,360
and drop the failure mode you’re seeing so the next episode targets the real entropy in your tenant.
