M365 Show Podcast

By: Mirko Peters

About this title

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer.



Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.
Copyright Mirko Peters / m365.Show
Politics & Government
  • 3D Objects Are the Ultimate Test of Fabric Governance: Catalyst E3
    Nov 18 2025
    🏗️ Defining Fabric Governance — The Foundation of Trust

    Governance in Fabric isn’t a checklist of forgotten policies. It’s the operating system for your data life—identity, permissioning, lineage, classification, policy, and monitoring—all wired directly into OneLake and workspaces. A 3D asset isn’t a file; it’s a constellation. High-resolution captures, meshes, textures, simulation parameters, and licensing metadata all move together. Each piece carries its own sensitivity and usage rights. Fabric enforces deterministic control through:
      • Microsoft Entra ID for consistent identity and role-based access.
      • Object-level security that gates entire artifacts and their derivatives.
      • Lineage tracking that shows how every scan, mesh, and derivative evolved.
      • Classification and labels that follow the asset as enforceable metadata, not sticky notes.
      • OneLake’s single logical storage where compute comes to the data.
      • Monitoring and alerts that react to anomalies before audits do.

    When a capture enters an ingestion workspace, Fabric auto-classifies it, validates schema and rights, and quarantines anything non-compliant. Processing pipelines tag outputs with lineage and usage rights. Publishing promotes approved derivatives to shared workspaces through shortcuts, not duplicates. If legal changes a policy—say, banning export of assets from a specific site—Fabric blocks shares, flags dependencies, and prompts reprocessing. Governance isn’t an obstacle; it’s embedded in productivity.

    ⚠️ The Complexity Barrier — Why 3D Data Breaks Traditional Systems

    Traditional data stacks were built for rows and columns. 3D data laughs at that. A single photorealistic object is a supply chain, not a file: meshes, textures, lighting, physics, rigs, materials, and derivatives for multiple engines. Every element introduces new governance pain:
      • Versioning: multiple interdependent components that drift over time.
      • Identity: fine-grained roles—artists, engineers, legal—each with different permissions.
      • Licensing: third-party assets with geo-restricted or time-bound clauses.
      • Performance: large transfers multiply cost and risk.
      • Temporal truth: twins evolve; governance must treat time as a dimension.
      • Tool diversity: each application speaks its own format and metadata dialect.

    Without unified identity, policy, and lineage, every attempt at control collapses. 3D doesn’t tolerate “optional governance.” It enforces chaos by default.

    🧩 Versioning and Provenance — Tracking the Life Cycle of a Digital Twin

    Versioning digital twins isn’t renaming folders. It’s maintaining a governed narrative of cause and effect. Fabric does this through a Twin Manifest—structured metadata that references components by immutable IDs: source captures, meshes, materials, physics, and parameters. Each component follows semantic versioning: major for breaking changes, minor for improvements, build metadata for environment and toolchain. Fabric’s lineage captures every transformation:
      • Raw scan → processed mesh → LOD set → published twin.
      • Each edge in that chain is auditable and reversible.

    Licenses and rights are versioned, too. When a legal team updates terms, you query Fabric for every manifest that references that license. Affected assets are demoted or quarantined automatically.

    Practical workflow:
      • Artists can update textures within staging but can’t alter collision meshes in published builds.
      • Simulation engineers tweak physics parameters safely within guardrails.
      • Robotics consumes frozen manifests for reproducibility.
      • Analytics queries lineage to explain why performance changed between versions.

    Best practices:
      • Pin exact versions—“latest” is a ticking bomb.
      • Embed toolchain hashes and validate at pipeline time.
      • Track temporal variants like pre-repair and post-repair.
      • Keep lineage readable so audits don’t turn into forensics.

    Versioning isn’t ceremony—it’s engineering hygiene.

    🌐 Interoperability and Rights Management in the Metaverse

    The metaverse isn’t one place. It’s a messy constellation of engines, formats, and viewers. Interoperability is survival; rights enforcement is the guardrail. Fabric doesn’t try to make Blender or Unity behave. It standardizes identity, policy, and lineage above the tool layer. Here’s what that looks like:
      • Open formats like OpenUSD or glTF for structural interoperability.
      • Rights as code, not PDF footnotes:
        License=Commercial; Territory=EU+US; Duration=2025-12-31; Derivatives=Render+Sim; Prohibit=Resale+Rehost
        Evaluated at runtime so access is granted or denied dynamically.
      • Streaming and tokens: engines fetch only what’s needed; Fabric issues signed URLs and revokes them instantly if rights change.
      • Attribution enforcement: embedded credits or overlays baked into outputs.
      • Cross-platform identity: Entra ID + B2B federation with scoped workspaces.

    Common pitfalls: exporting “just for a demo,” sending ZIPs to partners, or assuming OpenUSD equals compliance. Governance rides above file format;...
    21 min
  • Stop Building Dumb Copilots: Why Agentic RAG Is Your Only Fix
    Nov 17 2025
    🙋‍♀️ Who’s This For
      • 🧠 CIOs / CDOs / Heads of AI — want auditable, verified, compliant answers
      • 🏗️ Enterprise & Data Architects — designing Azure-based copilots with real reasoning
      • 📊 BI / Analytics Leads — merging Fabric metrics + SharePoint context
      • 🛡️ Security & GRC Teams — enforcing OBO auth, RLS/CLS, Purview governance
      • ⚙️ Ops & Product Leads — need decisions, not hallucinations

    🔎 Search Tags
    Agentic RAG • Azure AI Agent Service • Microsoft Fabric • SharePoint Retriever • On-Behalf-Of Auth • Row-Level Security • Column-Level Security • Purview Labels • Verifier Agent • Multi-Agent Orchestration • Evidence-Linked Insights • Enterprise Copilot Architecture

    🪞 Opening — “Your Copilot Isn’t Smart”
      • Copilot = “well-dressed autocomplete,” not true intelligence
      • Classic RAG → single query, single context window, zero reasoning
      • Enterprises need multi-source reasoning (Finance + Fabric + SharePoint + external)
      • Without agentic retrieval → fragmented context + hallucinated insights
      • Agentic RAG fixes this: plans, cross-checks, validates before answering

    ⚙️ Section 1 — The RAG Myth / Why Linear Intelligence Fails
      • RAG = retrieve → prompt → generate → stop
      • No memory, planning, or contradiction detection
      • Can’t join data across systems (Fabric, SharePoint, Power BI, email)
      • Produces eloquent but shallow summaries with zero provenance
      • Leads to poor decisions, compliance risk, and false confidence
      • Enterprises need planning + verification, not bigger prompts

    🧠 Section 2 — Enter Agentic RAG / From Search to Reasoning
      • Adds executive function to AI: RAG + planning + verification
      • Three core roles:
        • 🗺️ Planner → decomposes query & assigns tasks
        • 🧾 Retriever Agents → pull structured and unstructured data
        • ✅ Verifier Agent → checks citations & consistency
      • Runs an adaptive reasoning loop → query → validate → refine → act
      • Built on Azure AI Agent Service with:
        • On-Behalf-Of authentication (OBO)
        • Row-/Column-Level Security
        • Full audit logging + traceability
      • Continuous comprehension = no context amnesia

    🗂️ Section 3 — Integrating SharePoint / Turning Chaos Into Knowledge
      • SharePoint = corporate archaeology; Agentic RAG = knowledge orchestra
      • Uses semantic embeddings + vector search for meaning, not keywords
      • Honors Entra ID auth + Purview labels → security-trimmed results
      • Every document touch logged → non-repudiation for robots
      • Example: R&D query → Planner splits tasks → Fabric for numbers, SharePoint for context
      • Verifier cross-checks and flags outdated data
      • Outcome: qualitative insight + citations, not random summaries

    📊 Section 4 — Microsoft Fabric / The Structured Counterpart
      • Fabric = quantitative truth layer; SharePoint = contextual memory
      • Fabric Data Agent translates natural language → structured SQL
      • OBO auth enforces RLS/CLS; Purview labels travel with data
      • All queries logged and auditable in Fabric logs
      • Planner uses Fabric first to set numerical boundaries, then SharePoint for context
      • Data pruning by reason → fewer queries, higher relevance
      • Auditors can trace every number back to its source + timestamp
      • Governance scales with intelligence → trust built by design

    ⚡ Section 5 — Enterprise Impact / From Months to Minutes
      • Decision latency crashes:
        • R&D alignment → hours → minutes
        • Audits → manual weeks → instant replay
        • Manufacturing alerts → predictive and continuous
      • Business benefits:
        • Verified insights reduce risk
        • Compliance automated by design
        • Teams focus on interpretation, not copy-pasting
      • Governance ledger: every retrieval, query, and decision traceable
      • Real recklessness = building dumb copilots that can’t reason

    🧩 Conclusion — Stop Building, Start Thinking
      • RAG without agency = obsolete
      • Enterprises need systems that plan, verify, and act under your identity
      • Agentic RAG = Azure AI Agent Service + Fabric Data Agents + SharePoint retrievers + Purview governance
      • Decorative AI outputs text; Agentic AI produces understanding
      • Proof of reasoning → proof of trust

    ✅ Implementation Quick-List
      • 🧭 Deploy Planner / Retriever / Verifier pattern in Azure AI Agent Service
      • 🔒 Use On-Behalf-Of Auth + RLS/CLS + Purview integration
      • 📂 Add SharePoint Retriever for semantic context
      • 🧮 Add Fabric Data Agent for structured query reasoning
      • 🔁 Include verification loops for citations & contradictions
      • 🧾 Maintain complete audit logs for governance and compliance

    Follow us on: LinkedIn, Substack
    23 min
  • Stop Paying for Cloud VMs: Run Azure on a Mini PC
    Nov 17 2025
    🙋‍♀️ Who’s this for
      • CIOs/CFOs cutting runaway cloud spend without losing governance
      • IT Architects/Platform Teams standardizing control across hybrid/edge
      • DevOps/SRE needing local latency + cloud-grade automation
      • Retail/Manufacturing/Healthcare edge deploying at dozens/hundreds of sites
      • Security/GRC teams wanting unified audit, RBAC, and policy across on-prem + cloud

    🔍 Key Topics Covered

    1) The Cloud Without the Cloud
      • Azure = muscle (hardware) + brain (control plane). You can rent the brain while supplying your own muscle.
      • Azure Arc “badges” non-Azure machines/clusters so Policy, Defender, Monitor, RBAC apply from the same portal.
      • Azure Local brings core Azure services to those Arc-managed boxes: VMs, AKS, networking—on your desk.

    2) The Mini-PC Revolution
      • Small form-factor hardware (Intel i5/i7, Ryzen; 16–64 GB RAM; NVMe SSD) is enough for a mini region.
      • Mail-and-plug edge rollout: ship pre-vouchered units, plug power/Ethernet, machine appears in Azure ready for policy.
      • Benefits: near-zero latency, tiny power draw (~40–50 W), no colo, centralized lifecycle via Arc.

    3) Escaping the AD Trap
      • Skip building a domain forest for two nodes. Use certificate-based identity with Azure Key Vault.
      • Vault stores cluster certs/keys/BitLocker secrets; machines mutually auth with zero-trust simplicity; unified audit via Azure.

    4) Deploying Your Private Azure Region
      • Zero-touch provisioning: voucher USB → phone home → enroll → Arc claims nodes.
      • Create a site, run validation, deploy Azure Local (compute/network/storage RP, AKS).
      • Provision VMs or AKS via the same wizards you use in public Azure; enable GitOps for auto-updates at the edge.

    5) The Economics of Taking the Cloud Home
      • Arc registration: free; you pay mainly for optional governance/observability (Defender, Policy, Monitor).
      • Replace 24×7 VM rent with once-off hardware + electricity; keep Azure security/compliance intact.
      • Hybrid sweet spot: stable workloads local; burst/global workloads stay in public regions.

    ✅ Implementation Checklist (Copy/Paste)

    A) Hardware & Network
      • Mini-PC with VT-x/AMD-V, 32–64 GB RAM, NVMe SSD (OS) + NVMe SSD (data)
      • Reliable Ethernet; optional secondary node for HA/live migration

    B) Arc & Identity
      • Enroll nodes with Azure Arc; attach to Resource Group/Subscription
      • Choose Key Vault–backed local identity (no AD); enable RBAC + PIM
      • Store secrets/certs in Key Vault; enable audit logging

    C) Azure Local Deployment
      • Voucher USB → zero-touch enrollment → assign to Site
      • Run readiness checks (firmware, NICs, storage throughput)
      • Deploy Azure Local (compute/network/storage RPs, AKS)

    D) Governance & Security
      • Apply Azure Policy: tagging, region residency, baseline hardening
      • Enable Defender for Cloud and Azure Monitor/Log Analytics
      • Set up Update Management and Backup where needed

    E) Workloads
      • Create VMs via Azure Portal; configure availability across nodes
      • Deploy AKS; wire GitOps for continuous delivery at edge sites
      • Standardize images (Packer) and IaC (Bicep/Terraform) for repeatability

    F) Cost & Ops
      • Track Monitor/Defender/Logs usage; tune retention and sampling
      • Right-size hardware; plan 3-year refresh; keep a cold spare
      • Run quarterly DR drills (voucher re-enroll, GitOps redeploy)

    🧠 Key Takeaways
      • Keep Azure’s brain, own the brawn. Arc + Local gives cloud-grade control without the per-hour meter.
      • Mini-PCs are enough. Ship, plug, enroll—edge sites behave like mini regions.
      • Ditch legacy AD at the edge. Key Vault–based certificates give lighter, auditable zero-trust.
      • Same portal, policies, and audit. Hybrid without the governance gaps.
      • Opex → Capex. Predictable spend, local performance, centralized security.

    🧩 Reference Architecture (one-liner)
    Voucher USB → Arc-enrolled nodes → Azure Local (compute/network/storage/AKS) → Policy/Defender/Monitor → VMs & AKS via Portal/GitOps; identity & secrets in Key Vault (no AD).

    🔎 Search tags
    Azure Arc, Azure Local, Hybrid cloud, Edge computing, Mini-PC cluster, Key Vault certificates, Zero-touch provisioning, Arc-enabled servers, AKS at the edge, Azure Policy governance, Defender for Cloud, Cloud cost reduction, Capex vs Opex IT, GitOps Azure, On-prem Azure management

    🎯 Final CTA
    If you’re done renting cycles, bring the cloud home: keep Azure governance, run your compute locally, and make your bill boring again. Follow for the build-out guide to image standards, GitOps patterns, and cost-guardrails for multi-site edge fleets.
    23 min
No reviews yet