July 17, 2025 • 36 mins
Welcome to Episode 406 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott discuss their recent experiences and thoughts on Microsoft's Copilot features and agents, specifically focusing on the Researcher and Analyst agents. They share practical applications and benefits of these tools, such as using Researcher for meeting preparations and Analyst for exploring data, summarizing data, and even coming up with python script to use with data. Additionally, they cover the upcoming migration of Microsoft Sentinel to the Defender portal, discussing its implications and potential future changes for other security tools. The episode ends with a teaser about an upcoming discussion on MCPs for AI!
Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.
Show Notes
Introducing Researcher and Analyst in Microsoft 365 Copilot
Introducing Deep Research in Azure AI Foundry Agent Service
Get started with Researcher in Microsoft 365 Copilot
Researcher agent in Microsoft 365 Copilot
Analyst agent in Microsoft 365 Copilot
Get started with Analyst in Microsoft 365 Copilot
New reasoning agents: Researcher and Analyst in Microsoft 365 Copilot
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
Welcome to episode 406
of the Microsoft Cloud IT Pro podcast recorded
live on 07/11/2025.
This is a show about Microsoft three sixty
five and Azure from the perspective of IT
pros and end users, where we discuss a
topic or recent news and how it relates
to you. In this episode, we had this
grand plan of talking about something other than
(00:25):
Copilot, but then the analyst
research agent came up and maybe we got
a little carried away. So we kick off
the show by spending a bit talking about
these two first party agents from Microsoft that
have recently been released,
how we use them, and what our experience
has been with both the researcher and the
analyst agent. From there, we actually do manage
(00:47):
to move into some non AI news as
we talk about the recent announcement from Microsoft
about the Microsoft Sentinel portal in Azure going
away and transitioning fully to the Microsoft Defender
portal. Enjoy the show.
Do you ever walk on a plane and
you feel like there's a kid flying the
plane that you're getting on?
(01:09):
I'll let you know tomorrow when I hop
on one thing. That always makes me feel
old. I'm like, oh, man. The pile I
don't know why. I don't know why the
pilot of an airplane, I feel like a
pilot should be older than me. I know
some pilots
who are older than me and have retired,
and I'm kind of glad they retired.
Joshua Foer (01:25):
See, there is also that point.
Yeah.
I've been feeling especially old this
week, so
my
youngest
child
is turning 16. Joshua Foer (01:35):
Oh, congratulations,
I think. Is this a congratulations?
Sure. I like, it's we're getting closer taxi
service? We're getting closer to having
yet another one out of the house, so
but, like, this is a weird year. So
my oldest is going to college, my youngest
is turning 16,
And then I didn't realize it this week,
but, you know, I don't know how much
(01:57):
you kinda think about like your parents
and kinda people in your family aging as
well. It was my dad's birthday this week,
and my dad is 76.
And I was looking around, and I was
like, oh, I've got a 16 year old.
I got my dad who's, like, 76 over
here. I'm 45 and feel like I'm a
pretty broken person, so, like, I can't even
(02:17):
imagine, like, making it to 76 like my
dad at this point.
So I've been thinking a lot about age
this week. Yeah. You know what? One hit
me with my parents. My parents
are getting older as well. What my dad
was my dad just turned 70. So he's
a few years younger than your dad, but
they bought a new
vehicle,
(02:37):
like, last summer. And my mom made the
comment of this might be the last vehicle
that we'll ever buy because by the time
this vehicle it was a newer vehicle. By
the time the vehicle hits
mileage, breaks, whatever,
they won't be driving anymore.
And that one hit me. I'm like, oh,
no. My my parents can't be that old
that they're not ever gonna buy another vehicle.
(02:59):
Depending on the age your kids get to,
by the parent time your parents age out
of that vehicle, you might be looking forward
to it. So
with an 18 year old and a 16
year old, we had to break down and
buy a third car because we were tired
of just shepherding people around
jobs and things like that, but we absolutely
had the conversation. I remember my wife and
(03:20):
I had it. We're like,
which one of our parents is old enough
that they're not gonna be driving soon, so
maybe we can go get a cheap car?
Yeah. Not work out that way because all
of our parents are still driving, so we
had to go find
a a cheap one off marketplace,
one of my wife's friends, things like that.
So, yeah, the but your kids,
(03:42):
we've talked about this on the side. Few.
I still think your kids are, like, three
years old when in fact they're not. But
by the time your kids are old enough
to drive,
especially the younger the ones who are younger
today,
maybe that car that your parents got, if
they take good care of it, it'll be
passed down to you. It might be. Yeah.
Because I'll have kids driving anywhere from the
next, like, three
and a half ish years to ten years.
(04:03):
Yeah. Which we just bought a new car.
I was borderline of, like, three years is
a little bit too long to save
our old vehicle. And I won't lie. I'm
not sure that when our kids start driving,
they're gonna wanna drive around a Sienna, a
Toyota Sienna minivan with a 110,000
miles on it. So a few more years,
I'm gonna be in your boat, Scott, looking
for a replacement car. Well, you can ask
(04:26):
Microsoft Researcher or Copilot researcher
or Researcher Copilot. Researcher for Copilot. Researcher agent
inside of Microsoft
three sixty five Copilot,
I think I got all that right.
Yeah. Something like that is now out and
available. Have you had a chance to play
around with this one yet? I have. I
(04:47):
will I have not used analyst as available
too. We'll just preface that in case we
jump between them. Analyst and researcher, both agents
when available.
Research I actually really like researcher, Scott, and
it is
we could debate the validity of all these
different Copilot tools, ChattGPT, Claude, etcetera, what they
do. You're gonna laugh. What I use Researcher
for, I get you can book a meeting
(05:08):
with me through my website. Like, if anybody
goes to intelligent.com,
wants to find out more, they can book
a meeting. There's a bunch of links out
there to book meetings with me, and I
get whether it's new clients or just people
that stumble across my website, I'll get requests
for meetings of and I'm like, who is
this person? Like, it'll be super vague. It'll
maybe come from a personal email address and
(05:29):
not a work email address.
LinkedIn,
I don't always like people to know that
I went and, like, started stalking them on
LinkedIn, where so and so looked at your
profile or so and so from this company
looked at your profile.
I use Researcher, and I'll, like, go search
Bing or Google, get their LinkedIn URL if
I can find them, and, like, go tell
Researcher, hey, go tell me about this person
(05:50):
or give me a background of this person.
I've done this for companies,
new clients. Before my first meeting with them,
I'll go in and tell Researcher, hey, can
you give me a background of this company?
And it'll, like, give me a three or
four page report
on this person's job history, whatever researcher can
find out on the Internet about a particular
(06:10):
person or company, and it's actually helpful. It,
like, gives me a good background
of
that particular
person, that particular company just so I don't
have to go scour a bunch of websites
and can have a little bit more context
of who this person is or who this
company is before I meet with them the
first time. And from what I've seen,
(06:31):
it does a really good job of it.
It's surprisingly
good,
very dependent on, I think, the context you
can give it and what you pump in.
So it's definitely one of those tools, like,
what you put in is what you get
out of it kind of thing
that
can help you out. So
I've seen folks on
(06:52):
my team using it in a couple of
different ways, and
we definitely have some
I have some members of my team who
totally lean in. I think they live all
day in CoPilot, and then I have some
other ones that dip their toes in the
water
and try it out and everything in between,
but we've had a couple folks get hands
on with Researcher,
(07:13):
so
funny enough, we just went through performance review
season. Okay. I was kinda comparing and contrasting
results here between regular Copilot and the researcher
agent, and the researcher agent does a surprisingly
good job. Like, if you pump in things
like, here's my past performance reviews, here's how
I wrote my self assessment for this year,
(07:34):
help me structure my thinking in the right
way, help me quantify my impact
as an individual, as a member of a
team.
The company I work for, we have multiple
dimensions
to person evaluations,
so you can kind of pump those into
as context and say, hey, in the company
I work in, here's how I'm evaluated as
(07:55):
an individual. Here's how my peers are evaluated,
things like that.
Surprisingly good job
to the point where
I could see it being helpful for folks
or even helpful for maybe me as like
a manager in the future
to be able to structure my thinking and
get better insights into things like helping team
members get promoted and going
(08:15):
through promo docs and things like that. I've
used it for
PRDs, so for, like, product requirement documents, like,
justifications,
specifications,
things like that. It's been really good there,
especially when,
in my world, I'm often kinda comparing my
thinking and trying to ground it
(08:35):
in capabilities that exist within our competitors. So
that might be like, hey. I'm in Azure
storage, so that could be, like,
AWS
or GCP, Oracle with like OCI.
It could be just a generic more generic
like cloud competitor like Wasabi, things like that
that are out there. So it's been really
good for those kinds of things where I'm
(08:55):
not always an expert in them, like and
I'm still close enough to technology that, like,
yeah, I could go out and do it,
but I don't always have time to hop
in and get, like, super deep and hands
on with, like, the latest AWS feature, whereas
I can point this to documentation,
to
YouTube transcripts, things like that, and have it
come together.
So it's been super helpful there. And then
(09:17):
the last category I've seen folks using it
for is
to help them
put together
really good structured thinking around things like supportability
and
quality analysis
within our within some of our products. So
I've got a couple of folks who have
been able to wrangle Researcher into a thing
where
it's able actually able to help them rationalize,
(09:39):
like, insights based on, like, customer support cases
and things like that and drive us into
areas that we can go improve our products.
Right? Like, how do we improve supportability? How
do we improve quality?
All those kinds of things that are out
there. So I think just as a generic
agent that's available
out there to Microsoft three sixty five subscribers,
super cool.
(09:59):
It was also recently announced,
and I'll put a link in the show
notes. I'll grab one. It was also recently
announced that
the capabilities of a researcher agent, so things
like the internal reasoning and all that, are
also being pulled into things like Azure AI
Foundry.
So if you're an AI Foundry customer, you're
gonna be able to go be able to
go basically programmatically
(10:21):
create
your own researcher agents, which I think is
a
super cool and nifty thing as well. Yeah.
I've been a fan of Researcher, and it
uses a lot of like, if you've used
the OpenAI Researcher,
this is using or the DeepResearch. This is
using OpenAI's DeepResearch.
It also says that this is using,
(10:41):
like, some special Microsoft three sixty five advanced
orchestration and deep search capabilities.
The one thing that's always interesting about these
and it makes sense. Right? Like, Copilot, you
go in and chat, you get an answer
back really quick. Some of this research one,
you go type it in, and you might
have to wait, like, five or ten minutes
for it to finish typing up all the
details because it's really going out and
(11:04):
scouring
the Internet, looking at your Microsoft three sixty
five data, looking at all the things.
Just like if you were gonna go in
and do a bunch of research, it takes
you a little longer than just a quick
search. So don't, like, expect researcher to pull
you a bunch of data, like, two minutes
before a meeting starts. Plan ahead a little
bit if you're gonna run a deep research
(11:25):
or researcher query. All things, it's kinda, like,
only as good as the inputs you give
it. I've noticed this more and more that
a lot of the examples for these things
and even if you go, like, look at,
like, the blog post that announces this,
they're very
simplistic in the nature of the prompts that
are fed into these things, right? They
they're trying to give people,
(11:48):
I think a little bit of a view
that, like, oh, yeah, you can just type
two sentences and get this really
deep, meaningful thing out of it.
My experience is that, yeah, you can do
the two sentence thing, and you'll get something
that looks deep and meaningful, but the reality
is it's just a bunch of AI slop.
You do still have to come in and
put on your prompt engineering hat, provide all
(12:10):
the context that you need, all the directions.
You you do have to go through
the those iterations and machinations along the way.
Like like, to date, there's no way around
that, but I think that's a good thing.
Right? Because it still kinda grounds us as
humans to go in there and perform some
of that stuff ourselves,
which I think is where, like, humans continue
(12:32):
to have a bunch of the value too
in, like, the chain of, like, how we
use these AI tools
is in the ability to
see, like, the good patterns, the crappy patterns,
the in between patterns, all the things that
they spit out, and then be able to
kinda,
rationalize those and then refine them and
(12:52):
continue
to push them through. So
I'm excited to see, even outside of just
Researcher, more
agents that are kinda built in like this
and ready to go.
And the directionality
of, hey, agent structured agent x y zed
shows up in m three sixty five chat,
like Researcher, for example.
And then it also comes as more of
(13:15):
an agentic workflow
with a Researcher capability inside Copilot Studio, and
then it also comes with a full programmatic
capability inside of Azure AI Foundry. So you
eventually get to this, like, pretty cool three
sixty view of the world where you can
either meet your customers where they are if
you're a company who's developing things on top
of these tools,
(13:35):
or your user base can just, like, use
them out of the box, right, if you're
an m three Copilot customer. Yep. You know
what else I wanna see in agents, Scott?
We're not gonna dive into this teaser. Future
podcast episode, we'll talk more about these. I
wanna see MCPs
in agents
in Copilot. That stuff is out there as
well. For another day. Researchers out there. The
other one that's out there is analyst. I
(13:56):
don't know if you've had a chance to
get hands on with analyst or I have
not. Find a use case for that one
yet. No. I don't do a lot of
like, this one points more towards data scientists
feeding in a bunch of raw data.
This one's built on just going through some
of the announcements here on OpenAI's
o three mini reasoning model
(14:18):
and really optimizing more for data or a
data analyst type of job. I don't have
a lot of that. I do have some
data. It would be interesting to see if
I could get it in here and spit
something out where I've generated, like, a whole
bunch of data around sharing links to prep
for Copilot and
have it kinda analyze
(14:38):
that. But, no, in my day to day,
I am doing a lot more research type
stuff than analyst type stuff. So this is
when I had just it's just because it
hasn't applied to what I do day to
day, I haven't spent as much time playing
with that one. I think it is very
specific to a role, right, like depending on
how you get in there and what you
use.
My roles
(14:59):
and the folks on my team, we end
up wearing a little bit of, I think,
of a data science hat. Like,
I spend a lot of time in things
like service telemetry,
Kusto telemetry,
trying to understand, like, feature usage. Right? Like,
hey. We just rolled out this new feature.
How many customers have it enabled? How long
have they had it enabled? What's the churn?
(15:20):
All sorts of things within that. So quite
often the telemetry that I'm dealing with
is,
just really big numbers. Right? I could see
hundreds of millions
to billions
to trillions of
calls a day if I'm looking at something
like transaction patterns.
It could be hundreds of millions of storage
(15:41):
accounts, things like that. So I've been trying
to use this particularly when I build
new reports or, like, new PBIs and things
like that as we launch new things. Like,
I've had not so decent luck with, like,
Copilot inside of Power BI and things like
that to help me figure out, like, what's
a new view, or what's a way that
I could present this data in a meaningful
way that helps me rationalize it or helps
(16:04):
others? Like,
hey. I'm me as a product manager. I
wanna see this. What would maybe, like, one
of my VPs wanna see kinda thing? But
analyst has been good for that. So I
can't pump in all the data that I
have, but I've been able to find that
I can pump in truncated datasets. Okay. And
then because it's
because it's integrated
and it understands
(16:25):
how to write Python
and spit out things like use like pandas
and Yep. Pandas extensions, things like that,
So you can spin in a smaller dataset,
and you can have it kinda churn on
it and figure it out. But the things
that it'll give you is it will give
you, like, the Python code to then go
and put that in, like, a Jupyter notebook
(16:45):
or things like that and be able to
run it on, like, a broader scale
and a bigger dataset. So it's been helpful
for some of that stuff. The other one
that I've seen it's helpful for is
because it's doing Python
and it's doing
Pandas extensions and things like that is if
you're somebody who's maybe new to Python and
Excel and you're trying to figure out some
(17:06):
of like the visualization capabilities and things like
that are available,
it can be really good for just like
leaning you really quick into out of the
box Python functions that are available
that are gonna help you visualize
your data in different ways and kinda kinda
take a new pivot and
understand it. So I think it's one that
I still need to spend more time and
get a little bit more hands on with
(17:27):
to, like, really see
where's the value and what goes on. But
I could see, like, a whole bunch of
folks, particularly in organizations
that maybe they're not like me where I'm
coming in with, like, a massive dataset that's
gigabytes and gigabytes of data coming out of
a database, but just a spreadsheet. Maybe I'm,
like, tracking my POs in a spreadsheet.
I'm doing, like, logistics.
(17:49):
Like you said, hey. I'm tracking this analysis
of sharing links or things like that. Like,
if it's just sitting there in Excel, it's
ultimately consumable by a tool like this, which
makes it pretty turnkey.
Do you feel overwhelmed by trying to manage
your Office three sixty five environment? Are you
facing unexpected issues that disrupt your company's productivity?
(18:11):
Intelligink is here to help. Much like you
take your car to the mechanic that has
specialized knowledge on how to best keep your
car running, Intelligent helps you with your Microsoft
cloud environment because that's their expertise.
Intelligent keeps up with the latest updates in
the Microsoft cloud to help keep your business
running smoothly and ahead of the curve. Whether
you are a small organization with just a
(18:32):
few users up to an organization of several
thousand employees, they want to partner with you
to implement and administer your Microsoft cloud technology.
Visit them at inteliginc.com/podcast.
That's intelligink.com/podcast
(18:52):
for more information or to schedule a thirty
minute call to get started with them today.
Remember, Intelligink focuses on the Microsoft cloud so
you can focus on your business.
One of my questions was gonna be what
you mentioned in terms of, like, how much
data you can pump in. It says you
can pump in Excel spreadsheet. You can pump
(19:12):
in, like, CSVs or TSV files.
But I was curious, like, are we
talking thousands of rows, hundreds of thousands of
rows?
Have you found, like, where that breaking point
is by doing truncated datasets? I've just assumed
that it's not gonna be able to deal
with, like, tens of millions of rows or
(19:33):
things like that. So what I've been tending
to doing is stick to a 100,000 rows
or less, and that's been okay. Like so
if, like, if I'm writing a big SQL
query to pull out what would be 20,000,000
rows a day for the past seven days,
I'll write that query in a way where
it's actually, hey, just give me 10,000 rows
a day for the past seven days, but
(19:53):
then help me go and put that in
a spreadsheet. And then, like I said, I
use this, I think, as a little bit
as the
the starting point to help me wrap my
brain around it and see, like, what kind
of insights can be derived
versus me just having to ultimately, like, go
in and, like, stare at that data and
just drag things around randomly,
see, like, what's the right way to
(20:14):
to present this because I'm not a full
time data scientist, right? Like arguably, I'm not
a data scientist, and arguably, I'm overfunctioning by
doing some of these things, and I'm probably
doing my job. That said, I still
do them, and they're still a part of
my role today. So being that it's not
one of my superpowers,
this is one of those things that's a
pretty good,
a pretty good crotch slash enabler
(20:35):
for me to be able to lean on.
You mean it's a good co pilot to
help you lean on and assist you?
I could've just done that. I could've just
said, hey, it's that copilot thing. Yeah. It's
I'm hoping, like I said, that beyond researcher
and analyst and
prompt coach and writing coach and some of
these other things that are out there as
baked in agents,
I continue to hope
(20:57):
that market grows
as
a direct first party offering from Microsoft.
And I think like where you really see
like the rubber hit the road, like I
said, is when these things grow out of
like M365
Copilot, and and then they start to bleed
in a Copilot studio, AI Foundry, and then
customers can kinda
pick them up from wherever they are
(21:18):
in in in their life cycle of things.
But Researcher,
by far, like, super cool, super super powerful.
Like, folks should definitely go take a look
at that one if they have access to
it. Absolutely. And if you are looking for
it, we should mention that too. Because I've
had a few people that'd be like, not
an app researcher yet. Like you said, it
is an agent. So if you're in Teams,
it's not gonna show up by default yet.
(21:40):
You should have, like, the agent panel up
there where you can go click to get
agents, and then you go click, get agents.
Researcher, analyst should both show up for you
as available agents
assuming you have that Microsoft three sixty five
Copilot license, and then you can just go
click to add that agent to Teams, and
then it shows up as one of those
available agents in your list of agents. This
(22:02):
goes back to an earlier conversation we had.
Right? Like, that depends on your entry point
to Copilot
and how you get there. So that's the
team side. If you're just going into, like,
that new
Copilot if you're going into the Copilot app
or, like, the default landing page, hey, you
go portal.office.com,
get redirected
over to blah blah blah .microsoft.cloud,
whatever it is today. Whatever that one is.
(22:22):
Yeah. Whatever that one is. You'll also see
it there.
So agents appear above your chats, but they're
in the same kinda chat section.
So so, yeah, the they just lead right
up there. Absolutely.
So if you don't have it, go look
for it. Try to install that agent. Add
that agent. There are some other cool agents
out there. I haven't done as much with
(22:42):
the other one. Like, there's an idea coach
and, the visual creator is an agent and
some of those. So go check out the
agents. Only as good as what you put
in is what you get out.
Don't take the example prompts that you see
in blog posts and things like that. It's
like that's, like, not the amount of effort
you should be putting into these things. You
should be putting in more.
There's actually an agent out there which is
(23:04):
a prompt coach.
I believe it's available to everybody. Let me
go look here. But yeah. We can take
a look real quick. Yeah. Right there. Prompt
coach. So
you can use things like prompt coach to
go and think about your prompts and what
you're gonna put in there.
So like, hey, help me generate a prompt
that I'm gonna use in Researcher to perform
(23:24):
this research. I I'm hoping for this expected
outcome, this set of outputs, things like that,
and it'll help you kind of along the
way. So if you're struggling with ideas there
about, like, how to write a good prompt,
prompt coach is another good one. Yeah. That
was one other thing I was gonna say.
Researcher does help a little bit with that
too, I've noticed. Like, if I put in
a super short researcher prompt, it will actually
(23:45):
ask me for more details sometimes. It'll be
like, well, what do you want? Do you
want this or this? Or it'll say, just
tell me go ahead, and it'll make its
best guess. But researcher does do a little
bit more to try to at least encourage
you to write,
I would say, more complete
prompts versus just a single sentence.
So
that be that. Scott, are you ready for
(24:07):
some noncopilot
news?
Funny enough, we set out to do today.
I didn't think I was gonna spend time
talking about being old and just about Researcher
for that long, but, yeah, here we are
once again. Here we are. It happens. We
do what we do. This was an announcement
I caught today. I don't know when this
one actually
July 1. Oh, man, Scott. I'm old. We're
(24:28):
out I'm behind on my news. This was,
like, a week and a half ago for
when I'm recording this, but
this one, I found interesting. So
back
November,
so a couple years ago no. A year
and a half ago, Microsoft
unified
or not necessarily unified,
but pulled Microsoft
(24:49):
Sentinel
into Defender XDR or the Defender portal, security.microsoft.com,
so that you could go into Defender
and
add Sentinel in there. You can manage Sentinel.
You can write your Sentinel queries. Like, almost
the full
interaction with Sentinel, right in Defender. Well, come
07/01/2025
now, Microsoft announced that they are moving to
(25:12):
the next phase of the transition
with a target to retire the Azure portal
for Microsoft Sentinel by 07/01/2026.
So gave you twelve months
where
Sentinel's
just gonna go away in Azure at least
from the portal aspect. Like, this is one
(25:32):
that I wanna see where this goes. Say
customers not using the Defender portal should plan
their transition accordingly.
I mean, I have a few thoughts here.
One, this makes sense. Right? Let's unify
security
in the security center. Let's make one portal,
security.microsoft.com,
to do all the security stuff. I mean,
(25:52):
it's single pane of glass. Right. That's a
good thing from an experience perspective, right, especially
if you are Yes. The folks who have
to wrangle and manage these services. Like, they
they have been
fairly disparate, and I think that does make
it tough. So, yeah, putting them all under
the Defender umbrella
makes sense. It's probably
more about the way the capabilities manifest within
(26:13):
there, right, like, depending on how you interact
with them and how they come across. So
It'll be interesting to see because Sentinel is
really I don't wanna call it
an add on, but it kind of is.
It's almost like an add on to log
analytics. Like, it sits on top of
a log analytics workspace,
Azure Monitor workspace,
however you wanna describe it, to the point
(26:36):
of, I've done this before, Scott. I don't
know if this is supported or not, so
nobody do this and tell me that it's
unsupported. It may or may not be. Where
I've had to move Sentinel from one Azure
subscription to the next because it is tied
to a subscription or resource group, all of
that, you can actually uninstall
sent you can't move Sentinel from one subscription
to another, but you can uninstall Sentinel from
(26:58):
your log analytics workspace,
move the log analytics workspace, then reinstall Sentinel
on top of the log analytics workspace to
move it. But that leads to there's a
lot of Azure y stuff yet involved in
Sentinel from the log analytics workspace.
Sentinel is still a
pay per use type of
construct
based on an Azure subscription. And, like, are
(27:19):
they gonna pull this in where it's gonna
be similar to, like, the SharePoint
I think it's still called Syntex, but it's
essentially all the SharePoint
PAYGo stuff where now you're still gonna have
to, like, tie your security
center to an Azure subscription
so that you can do all the PAYGo
stuff. And there's also a few things yet
within Sentinel. I had it up here. Where'd
(27:40):
my Sentinel go? Like, the workspace
manager where you can manage multiple
Sentinel workspaces
within Sentinel.
And
some of these,
I would say, they're more intricacies of Sentinel
that aren't there yet in Defender for now.
Again, my assumption is they're gonna bring all
that stuff over. They're gonna start
(28:00):
migrating all the UI over, but it does
still leave me with some questions on how
some of that's gonna work a year from
now. Like all things, you see a little
bit more of some of the stuff that's
been pretty thematic lately where, like, with these
SaaSy products or it's software as a service,
and it's moving around and doing those kinds
of things.
I imagine over time, it all gets incorporated
(28:23):
in a similar way,
hopefully, without too much, like,
who moved my cheese kinda pain along the
way. Yeah. And Microsoft's gonna start redirecting you.
So they say in here preparing for the
retirement.
They're committed to supporting every single customer making
that transition, Scott. But beginning July
1,
so twelve months from now, users are gonna
(28:44):
start getting automatically redirected over the security center.
If you haven't done it now, like, I
also encourage you if you haven't done this
yet, you can already connect the two. If
you're using Sentinel, go into your security center
and connect it all up because it does
give you that single pane of glass, single
place to go. I'm also curious with this,
Scott, how close behind
(29:06):
Microsoft Defender for Cloud will be because that's
going to be the remaining
security construct.
So that was a question
in the back of my head, right? There's
a whole ton of stuff under Defender for
Cloud, which is
100%
Azure only, like
and doesn't
manifest in any other way, at least
(29:27):
I'm maybe a little close to home for
me in storage land. There's Microsoft Defender for
storage, which is part of Defender for cloud,
and that's Defender for Azure storage. That's not
Defender for
for
every other object storage provider that's out there
kind of thing. So
I don't know, but I I one one
would wonder because Defender for Cloud is, like,
(29:48):
the whole other part of the issue that
still hasn't dropped. I would speculate.
I would dare to bet that we will
see an announcement
sometime in the next year. Because in the
next year, we've got Ignite coming up. We
have different events coming up. We got another
Ignite, a build. Yeah. Yep. I would guess
one of those, we're gonna see some type
of announcement, not that Defender for Cloud is
(30:10):
retiring, but that it starts getting pulled into
Security Center. To me, it makes sense.
It started. I would say Defender
I call it Security Center. It's not even
Security Center anymore. Microsoft Defender started as security
and compliance for Microsoft March.
But even as you look at it now,
like, you have your vulnerability management for your
endpoints on there. You have Sentinel in there
(30:33):
now.
You have different exposure management,
Defender for cloud apps.
Security Center already has started transitioning,
I would say or Defender. I need to
call it the right thing. Microsoft Defender
already has started transitioning to a broader
this is your Microsoft cloud
security
(30:53):
portal for all things, for endpoints,
for identities.
Because let's face it, we say Defender for
Cloud is the whole Azure aspect of it,
but you're still gonna have identities,
which are already in Defender.
So it kinda
makes sense that we would just see all
of these
Defender for Cloud, Sentinel,
all the Microsoft three sixty five security stuff,
(31:15):
like a single
portal for all things Microsoft cloud security? Yeah.
The single pane of glass isn't bad. I'm
not saying there's anything bad about it. I
do wonder sometimes about just the
the spread of services that show up because
I think in a lot of organizations,
the folks who do security,
it's one thing to say we have a
(31:36):
security org, but I would bet within most
security orgs you have the folks who work
on identity,
and you have the folks who work on
endpoints,
and you have the folks who work on
your
even your differentiated endpoints, maybe just like your
virtual machines or your cloud hosted things. So
that still seems pretty prevalent. And so so
(31:56):
I do wonder how that manifests in a
single pane of glass experience. Right? Like, does
this thing eventually get our backed to the
end
of nothingness where you come in and, like,
hey. I log in, and I'm only an
admin for Defender for cloud, and, specifically, like,
all I can see is storage accounts. Like,
does now that home page just become a
blank page and a blank view for me
kinda thing? So,
(32:18):
yeah, I don't know. We'll see how it
manifests over time. I'm sure there's somebody else
who's getting paid way more money than you
or I to think about it. So I
mean, I think it does. You already have
it somewhat. Like, you can go in already
to your security center and your permissions and
look at roles for cloud apps. Because this
is another one that's kinda been
rolled in over time as Microsoft Defender for
(32:39):
cloud app or it used to be cloud
app security, MCAS, Microsoft cloud app security, where
you can now go in and set roles
for,
different cloud discovery,
or there's security operator roles. There's app instance
roles. Is that every global admin? So I
think you're right in that you start like,
there's a whole section for endpoint roles and
(33:02):
what roles you wanna assign people for endpoints
and defender.
So I think you are gonna see that
RBAC come into play where people are going
to
you could still limit people to just certain
security roles in the Defender portal. I think
it's one of those things we'll have to
watch over the next year, two years depending
on if timeline shift, things like that? This
(33:23):
was an interesting one. I'm actually kinda looking
forward to this, keeping an eye on this,
how it manifests itself over the coming months.
I think it's great for you, like, as
a service provider. Right? Like, if you could
hop into a customer's environment, get access, have
that one stop shopping and that, like,
great, like, top down view of everything that's
out there. Like, that that that's all goodness.
(33:44):
I think I'd wanna see the balance between,
like, folks like you doing that kind of
activity versus
maybe far more granular, like, hey. I'm down
here, and this is, like, the one part
of the sandbox that I play in. I
don't care about seeing cloud apps and email
and collaboration
and identities because to your point, all I'm
worried about is endpoint or all I'm worried
about, even within endpoint,
(34:05):
is IoT security. That's a thing as well
in some big companies where people are just
focused on security for IoT. Yeah. Makes sense.
Alright. Turns out we made it through another
one. We did. And we still had a
topic or two to talk about that we'll
have to maybe talk about later. But I'm
also excited
to talk about MCPs, Scott. I've been playing
with these. We started talking about this a
(34:26):
week ago. I've been planning for this episode,
Scott. I've got all kinds of thoughts.
Yeah. Teaser. Did I put something on your
list that you're actually into? Oh, yeah. You
absolutely put something on my list. I should
have been doing client work last night. Instead,
I was up from, like I don't know.
I put the kids to bed at nine.
I think I was playing with just different
MCPs and playing around with some things from,
like, 09:00 until, like, 12:30 or one last
(34:49):
night.
Perfect.
We'll have to talk about, like, how many
ports are open for weird little MPM servers
running on your local desktop.
But we'll leave that for we'll leave that
for another episode.
Teaser for upcoming episodes,
MCPs, or if you have questions.
So if you're still listening and you have
questions about MCPs or thoughts about MCPs
(35:11):
that you would like covered in a future
episode, Let us know. Reach out LinkedIn,
contact form on the website,
book a meeting with me now that you
can do that on my website, and then
I will send researcher after you to learn
all about you.
However you would like to reach out via
the social media or website, if there's anything
you wanna know, we'll include
(35:32):
questions, comments in our MCP episode when we
record that one. But until next time
Sounds good. I'm gonna go keep playing with
MCP, so I got a whole bunch more
to talk about.
Perfect. Alright. Thanks, Scott. We'll talk to you
next time.
If you enjoyed the podcast, go leave us
a five star rating in iTunes. It helps
(35:53):
to get the word out so more IT
pros can learn about Office three sixty sixty
five and Azure.
If you have any questions you want us
to address on the show, or feedback about
the show, feel free to reach out via
our website, Twitter, or Facebook.
Thanks again for listening, and have a great
day.
Welcome to episode 406
of the Microsoft Cloud IT Pro podcast recorded
live on 07/11/2025.
This is a show about Microsoft three sixty
five and Azure from the perspective of IT
pros and end users, where we discuss a
topic or recent news and how it relates
to you. In this episode, we had this
grand plan of talking about something other than
(00:25):
Copilot, but then the analyst
research agent came up and maybe we got
a little carried away. So we kick off
the show by spending a bit talking about
these two first party agents from Microsoft that
have recently been released,
how we use them, and what our experience
has been with both the researcher and the
analyst agent. From there, we actually do manage
(00:47):
to move into some non AI news as
we talk about the recent announcement from Microsoft
about the Microsoft Sentinel portal in Azure going
away and transitioning fully to the Microsoft Defender
portal. Enjoy the show.
Do you ever walk on a plane and
you feel like there's a kid flying the
plane that you're getting on?
(01:09):
I'll let you know tomorrow when I hop
on one thing. That always makes me feel
old. I'm like, oh, man. The pile I
don't know why. I don't know why the
pilot of an airplane, I feel like a
pilot should be older than me. I know
some pilots
who are older than me and have retired,
and I'm kind of glad they retired.
Joshua Foer (01:25):
See, there is also that point.
Yeah.
I've been feeling especially old this
week, so
my
youngest
child
is turning 16. Joshua Foer (01:35):
Oh, congratulations,
I think. Is this a congratulations?
Sure. I like, it's we're getting closer taxi
service? We're getting closer to having
yet another one out of the house, so
but, like, this is a weird year. So
my oldest is going to college, my youngest
is turning 16,
And then I didn't realize it this week,
but, you know, I don't know how much
(01:57):
you kinda think about like your parents
and kinda people in your family aging as
well. It was my dad's birthday this week,
and my dad is 76.
And I was looking around, and I was
like, oh, I've got a 16 year old.
I got my dad who's, like, 76 over
here. I'm 45 and feel like I'm a
pretty broken person, so, like, I can't even
(02:17):
imagine, like, making it to 76 like my
dad at this point.
So I've been thinking a lot about age
this week. Yeah. You know what? One hit
me with my parents. My parents
are getting older as well. What my dad
was my dad just turned 70. So he's
a few years younger than your dad, but
they bought a new
vehicle,
(02:37):
like, last summer. And my mom made the
comment of this might be the last vehicle
that we'll ever buy because by the time
this vehicle it was a newer vehicle. By
the time the vehicle hits
mileage, breaks, whatever,
they won't be driving anymore.
And that one hit me. I'm like, oh,
no. My my parents can't be that old
that they're not ever gonna buy another vehicle.
(02:59):
Depending on the age your kids get to,
by the parent time your parents age out
of that vehicle, you might be looking forward
to it. So
with an 18 year old and a 16
year old, we had to break down and
buy a third car because we were tired
of just shepherding people around
jobs and things like that, but we absolutely
had the conversation. I remember my wife and
(03:20):
I had it. We're like,
which one of our parents is old enough
that they're not gonna be driving soon, so
maybe we can go get a cheap car?
Yeah. Not work out that way because all
of our parents are still driving, so we
had to go find
a a cheap one off marketplace,
one of my wife's friends, things like that.
So, yeah, the but your kids,
(03:42):
we've talked about this on the side. Few.
I still think your kids are, like, three
years old when in fact they're not. But
by the time your kids are old enough
to drive,
especially the younger the ones who are younger
today,
maybe that car that your parents got, if
they take good care of it, it'll be
passed down to you. It might be. Yeah.
Because I'll have kids driving anywhere from the
next, like, three
and a half ish years to ten years.
(04:03):
Yeah. Which we just bought a new car.
I was borderline of, like, three years is
a little bit too long to save
our old vehicle. And I won't lie. I'm
not sure that when our kids start driving,
they're gonna wanna drive around a Sienna, a
Toyota Sienna minivan with a 110,000
miles on it. So a few more years,
I'm gonna be in your boat, Scott, looking
for a replacement car. Well, you can ask
(04:26):
Microsoft Researcher or Copilot researcher
or Researcher Copilot. Researcher for Copilot. Researcher agent
inside of Microsoft
three sixty five Copilot,
I think I got all that right.
Yeah. Something like that is now out and
available. Have you had a chance to play
around with this one yet? I have. I
(04:47):
will I have not used analyst as available
too. We'll just preface that in case we
jump between them. Analyst and researcher, both agents
when available.
Research I actually really like researcher, Scott, and
it is
we could debate the validity of all these
different Copilot tools, ChattGPT, Claude, etcetera, what they
do. You're gonna laugh. What I use Researcher
for, I get you can book a meeting
(05:08):
with me through my website. Like, if anybody
goes to intelligent.com,
wants to find out more, they can book
a meeting. There's a bunch of links out
there to book meetings with me, and I
get whether it's new clients or just people
that stumble across my website, I'll get requests
for meetings of and I'm like, who is
this person? Like, it'll be super vague. It'll
maybe come from a personal email address and
(05:29):
not a work email address.
LinkedIn,
I don't always like people to know that
I went and, like, started stalking them on
LinkedIn, where so and so looked at your
profile or so and so from this company
looked at your profile.
I use Researcher, and I'll, like, go search
Bing or Google, get their LinkedIn URL if
I can find them, and, like, go tell
Researcher, hey, go tell me about this person
(05:50):
or give me a background of this person.
I've done this for companies,
new clients. Before my first meeting with them,
I'll go in and tell Researcher, hey, can
you give me a background of this company?
And it'll, like, give me a three or
four page report
on this person's job history, whatever researcher can
find out on the Internet about a particular
(06:10):
person or company, and it's actually helpful. It,
like, gives me a good background
of
that particular
person, that particular company just so I don't
have to go scour a bunch of websites
and can have a little bit more context
of who this person is or who this
company is before I meet with them the
first time. And from what I've seen,
(06:31):
it does a really good job of it.
It's surprisingly
good,
very dependent on, I think, the context you
can give it and what you pump in.
So it's definitely one of those tools, like,
what you put in is what you get
out of it kind of thing
that
can help you out. So
I've seen folks on
(06:52):
my team using it in a couple of
different ways, and
we definitely have some
I have some members of my team who
totally lean in. I think they live all
day in CoPilot, and then I have some
other ones that dip their toes in the
water
and try it out and everything in between,
but we've had a couple folks get hands
on with Researcher,
(07:13):
so
funny enough, we just went through performance review
season. Okay. I was kinda comparing and contrasting
results here between regular Copilot and the researcher
agent, and the researcher agent does a surprisingly
good job. Like, if you pump in things
like, here's my past performance reviews, here's how
I wrote my self assessment for this year,
(07:34):
help me structure my thinking in the right
way, help me quantify my impact
as an individual, as a member of a
team.
The company I work for, we have multiple
dimensions
to person evaluations,
so you can kind of pump those into
as context and say, hey, in the company
I work in, here's how I'm evaluated as
(07:55):
an individual. Here's how my peers are evaluated,
things like that.
Surprisingly good job
to the point where
I could see it being helpful for folks
or even helpful for maybe me as like
a manager in the future
to be able to structure my thinking and
get better insights into things like helping team
members get promoted and going
(08:15):
through promo docs and things like that. I've
used it for
PRDs, so for, like, product requirement documents, like,
justifications,
specifications,
things like that. It's been really good there,
especially when,
in my world, I'm often kinda comparing my
thinking and trying to ground it
(08:35):
in capabilities that exist within our competitors. So
that might be like, hey. I'm in Azure
storage, so that could be, like,
AWS
or GCP, Oracle with like OCI.
It could be just a generic more generic
like cloud competitor like Wasabi, things like that
that are out there. So it's been really
good for those kinds of things where I'm
(08:55):
not always an expert in them, like and
I'm still close enough to technology that, like,
yeah, I could go out and do it,
but I don't always have time to hop
in and get, like, super deep and hands
on with, like, the latest AWS feature, whereas
I can point this to documentation,
to
YouTube transcripts, things like that, and have it
come together.
So it's been super helpful there. And then
(09:17):
the last category I've seen folks using it
for is
to help them
put together
really good structured thinking around things like supportability
and
quality analysis
within our within some of our products. So
I've got a couple of folks who have
been able to wrangle Researcher into a thing
where
it's able actually able to help them rationalize,
(09:39):
like, insights based on, like, customer support cases
and things like that and drive us into
areas that we can go improve our products.
Right? Like, how do we improve supportability? How
do we improve quality?
All those kinds of things that are out
there. So I think just as a generic
agent that's available
out there to Microsoft three sixty five subscribers,
super cool.
(09:59):
It was also recently announced,
and I'll put a link in the show
notes. I'll grab one. It was also recently
announced that
the capabilities of a researcher agent, so things
like the internal reasoning and all that, are
also being pulled into things like Azure AI
Foundry.
So if you're an AI Foundry customer, you're
gonna be able to go be able to
go basically programmatically
(10:21):
create
your own researcher agents, which I think is
a
super cool and nifty thing as well. Yeah.
I've been a fan of Researcher, and it
uses a lot of like, if you've used
the OpenAI Researcher,
this is using or the DeepResearch. This is
using OpenAI's DeepResearch.
It also says that this is using,
(10:41):
like, some special Microsoft three sixty five advanced
orchestration and deep search capabilities.
The one thing that's always interesting about these
and it makes sense. Right? Like, Copilot, you
go in and chat, you get an answer
back really quick. Some of this research one,
you go type it in, and you might
have to wait, like, five or ten minutes
for it to finish typing up all the
details because it's really going out and
(11:04):
scouring
the Internet, looking at your Microsoft three sixty
five data, looking at all the things.
Just like if you were gonna go in
and do a bunch of research, it takes
you a little longer than just a quick
search. So don't, like, expect researcher to pull
you a bunch of data, like, two minutes
before a meeting starts. Plan ahead a little
bit if you're gonna run a deep research
(11:25):
or researcher query. All things, it's kinda, like,
only as good as the inputs you give
it. I've noticed this more and more that
a lot of the examples for these things
and even if you go, like, look at,
like, the blog post that announces this,
they're very
simplistic in the nature of the prompts that
are fed into these things, right? They
they're trying to give people,
(11:48):
I think a little bit of a view
that, like, oh, yeah, you can just type
two sentences and get this really
deep, meaningful thing out of it.
My experience is that, yeah, you can do
the two sentence thing, and you'll get something
that looks deep and meaningful, but the reality
is it's just a bunch of AI slop.
You do still have to come in and
put on your prompt engineering hat, provide all
(12:10):
the context that you need, all the directions.
You you do have to go through
the those iterations and machinations along the way.
Like like, to date, there's no way around
that, but I think that's a good thing.
Right? Because it still kinda grounds us as
humans to go in there and perform some
of that stuff ourselves,
which I think is where, like, humans continue
(12:32):
to have a bunch of the value too
in, like, the chain of, like, how we
use these AI tools
is in the ability to
see, like, the good patterns, the crappy patterns,
the in between patterns, all the things that
they spit out, and then be able to
kinda,
rationalize those and then refine them and
(12:52):
continue
to push them through. So
I'm excited to see, even outside of just
Researcher, more
agents that are kinda built in like this
and ready to go.
And the directionality
of, hey, agent structured agent x y zed
shows up in m three sixty five chat,
like Researcher, for example.
And then it also comes as more of
(13:15):
an agentic workflow
with a Researcher capability inside Copilot Studio, and
then it also comes with a full programmatic
capability inside of Azure AI Foundry. So you
eventually get to this, like, pretty cool three
sixty view of the world where you can
either meet your customers where they are if
you're a company who's developing things on top
of these tools,
(13:35):
or your user base can just, like, use
them out of the box, right, if you're
an m three Copilot customer. Yep. You know
what else I wanna see in agents, Scott?
We're not gonna dive into this teaser. Future
podcast episode, we'll talk more about these. I
wanna see MCPs
in agents
in Copilot. That stuff is out there as
well. For another day. Researchers out there. The
other one that's out there is analyst. I
(13:56):
don't know if you've had a chance to
get hands on with analyst or I have
not. Find a use case for that one
yet. No. I don't do a lot of
like, this one points more towards data scientists
feeding in a bunch of raw data.
This one's built on just going through some
of the announcements here on OpenAI's
o three mini reasoning model
(14:18):
and really optimizing more for data or a
data analyst type of job. I don't have
a lot of that. I do have some
data. It would be interesting to see if
I could get it in here and spit
something out where I've generated, like, a whole
bunch of data around sharing links to prep
for Copilot and
have it kinda analyze
(14:38):
that. But, no, in my day to day,
I am doing a lot more research type
stuff than analyst type stuff. So this is
when I had just it's just because it
hasn't applied to what I do day to
day, I haven't spent as much time playing
with that one. I think it is very
specific to a role, right, like depending on
how you get in there and what you
use.
My roles
(14:59):
and the folks on my team, we end
up wearing a little bit of, I think,
of a data science hat. Like,
I spend a lot of time in things
like service telemetry,
Kusto telemetry,
trying to understand, like, feature usage. Right? Like,
hey. We just rolled out this new feature.
How many customers have it enabled? How long
have they had it enabled? What's the churn?
(15:20):
All sorts of things within that. So quite
often the telemetry that I'm dealing with
is,
just really big numbers. Right? I could see
hundreds of millions
to billions
to trillions of
calls a day if I'm looking at something
like transaction patterns.
It could be hundreds of millions of storage
(15:41):
accounts, things like that. So I've been trying
to use this particularly when I build
new reports or, like, new PBIs and things
like that as we launch new things. Like,
I've had not so decent luck with, like,
Copilot inside of Power BI and things like
that to help me figure out, like, what's
a new view, or what's a way that
I could present this data in a meaningful
way that helps me rationalize it or helps
(16:04):
others? Like,
hey. I'm me as a product manager. I
wanna see this. What would maybe, like, one
of my VPs wanna see kinda thing? But
analyst has been good for that. So I
can't pump in all the data that I
have, but I've been able to find that
I can pump in truncated datasets. Okay. And
then because it's
because it's integrated
and it understands
(16:25):
how to write Python
and spit out things like use like pandas
and Yep. Pandas extensions, things like that,
So you can spin in a smaller dataset,
and you can have it kinda churn on
it and figure it out. But the things
that it'll give you is it will give
you, like, the Python code to then go
and put that in, like, a Jupyter notebook
(16:45):
or things like that and be able to
run it on, like, a broader scale
and a bigger dataset. So it's been helpful
for some of that stuff. The other one
that I've seen it's helpful for is
because it's doing Python
and it's doing
Pandas extensions and things like that is if
you're somebody who's maybe new to Python and
Excel and you're trying to figure out some
(17:06):
of like the visualization capabilities and things like
that are available,
it can be really good for just like
leaning you really quick into out of the
box Python functions that are available
that are gonna help you visualize
your data in different ways and kinda kinda
take a new pivot and
understand it. So I think it's one that
I still need to spend more time and
get a little bit more hands on with
(17:27):
to, like, really see
where's the value and what goes on. But
I could see, like, a whole bunch of
folks, particularly in organizations
that maybe they're not like me where I'm
coming in with, like, a massive dataset that's
gigabytes and gigabytes of data coming out of
a database, but just a spreadsheet. Maybe I'm,
like, tracking my POs in a spreadsheet.
I'm doing, like, logistics.
(17:49):
Like you said, hey. I'm tracking this analysis
of sharing links or things like that. Like,
if it's just sitting there in Excel, it's
ultimately consumable by a tool like this, which
makes it pretty turnkey.
Do you feel overwhelmed by trying to manage
your Office three sixty five environment? Are you
facing unexpected issues that disrupt your company's productivity?
(18:11):
Intelligink is here to help. Much like you
take your car to the mechanic that has
specialized knowledge on how to best keep your
car running, Intelligent helps you with your Microsoft
cloud environment because that's their expertise.
Intelligent keeps up with the latest updates in
the Microsoft cloud to help keep your business
running smoothly and ahead of the curve. Whether
you are a small organization with just a
(18:32):
few users up to an organization of several
thousand employees, they want to partner with you
to implement and administer your Microsoft cloud technology.
Visit them at inteliginc.com/podcast.
That's intelligink.com/podcast
(18:52):
for more information or to schedule a thirty
minute call to get started with them today.
Remember, Intelligink focuses on the Microsoft cloud so
you can focus on your business.
One of my questions was gonna be what
you mentioned in terms of, like, how much
data you can pump in. It says you
can pump in Excel spreadsheet. You can pump
(19:12):
in, like, CSVs or TSV files.
But I was curious, like, are we
talking thousands of rows, hundreds of thousands of
rows?
Have you found, like, where that breaking point
is by doing truncated datasets? I've just assumed
that it's not gonna be able to deal
with, like, tens of millions of rows or
(19:33):
things like that. So what I've been tending
to doing is stick to a 100,000 rows
or less, and that's been okay. Like so
if, like, if I'm writing a big SQL
query to pull out what would be 20,000,000
rows a day for the past seven days,
I'll write that query in a way where
it's actually, hey, just give me 10,000 rows
a day for the past seven days, but
(19:53):
then help me go and put that in
a spreadsheet. And then, like I said, I
use this, I think, as a little bit
as the
the starting point to help me wrap my
brain around it and see, like, what kind
of insights can be derived
versus me just having to ultimately, like, go
in and, like, stare at that data and
just drag things around randomly,
see, like, what's the right way to
(20:14):
to present this because I'm not a full
time data scientist, right? Like arguably, I'm not
a data scientist, and arguably, I'm overfunctioning by
doing some of these things, and I'm probably
doing my job. That said, I still
do them, and they're still a part of
my role today. So being that it's not
one of my superpowers,
this is one of those things that's a
pretty good,
a pretty good crotch slash enabler
(20:35):
for me to be able to lean on.
You mean it's a good co pilot to
help you lean on and assist you?
I could've just done that. I could've just
said, hey, it's that copilot thing. Yeah. It's
I'm hoping, like I said, that beyond researcher
and analyst and
prompt coach and writing coach and some of
these other things that are out there as
baked in agents,
I continue to hope
(20:57):
that market grows
as
a direct first party offering from Microsoft.
And I think like where you really see
like the rubber hit the road, like I
said, is when these things grow out of
like M365
Copilot, and and then they start to bleed
in a Copilot studio, AI Foundry, and then
customers can kinda
pick them up from wherever they are
(21:18):
in in in their life cycle of things.
But Researcher,
by far, like, super cool, super super powerful.
Like, folks should definitely go take a look
at that one if they have access to
it. Absolutely. And if you are looking for
it, we should mention that too. Because I've
had a few people that'd be like, not
an app researcher yet. Like you said, it
is an agent. So if you're in Teams,
it's not gonna show up by default yet.
(21:40):
You should have, like, the agent panel up
there where you can go click to get
agents, and then you go click, get agents.
Researcher, analyst should both show up for you
as available agents
assuming you have that Microsoft three sixty five
Copilot license, and then you can just go
click to add that agent to Teams, and
then it shows up as one of those
available agents in your list of agents. This
(22:02):
goes back to an earlier conversation we had.
Right? Like, that depends on your entry point
to Copilot
and how you get there. So that's the
team side. If you're just going into, like,
that new
Copilot if you're going into the Copilot app
or, like, the default landing page, hey, you
go portal.office.com,
get redirected
over to blah blah blah .microsoft.cloud,
whatever it is today. Whatever that one is.
(22:22):
Yeah. Whatever that one is. You'll also see
it there.
So agents appear above your chats, but they're
in the same kinda chat section.
So so, yeah, the they just lead right
up there. Absolutely.
So if you don't have it, go look
for it. Try to install that agent. Add
that agent. There are some other cool agents
out there. I haven't done as much with
(22:42):
the other one. Like, there's an idea coach
and, the visual creator is an agent and
some of those. So go check out the
agents. Only as good as what you put
in is what you get out.
Don't take the example prompts that you see
in blog posts and things like that. It's
like that's, like, not the amount of effort
you should be putting into these things. You
should be putting in more.
There's actually an agent out there which is
(23:04):
a prompt coach.
I believe it's available to everybody. Let me
go look here. But yeah. We can take
a look real quick. Yeah. Right there. Prompt
coach. So
you can use things like prompt coach to
go and think about your prompts and what
you're gonna put in there.
So like, hey, help me generate a prompt
that I'm gonna use in Researcher to perform
(23:24):
this research. I I'm hoping for this expected
outcome, this set of outputs, things like that,
and it'll help you kind of along the
way. So if you're struggling with ideas there
about, like, how to write a good prompt,
prompt coach is another good one. Yeah. That
was one other thing I was gonna say.
Researcher does help a little bit with that
too, I've noticed. Like, if I put in
a super short researcher prompt, it will actually
(23:45):
ask me for more details sometimes. It'll be
like, well, what do you want? Do you
want this or this? Or it'll say, just
tell me go ahead, and it'll make its
best guess. But researcher does do a little
bit more to try to at least encourage
you to write,
I would say, more complete
prompts versus just a single sentence.
So
that be that. Scott, are you ready for
(24:07):
some noncopilot
news?
Funny enough, we set out to do today.
I didn't think I was gonna spend time
talking about being old and just about Researcher
for that long, but, yeah, here we are
once again. Here we are. It happens. We
do what we do. This was an announcement
I caught today. I don't know when this
one actually
July 1. Oh, man, Scott. I'm old. We're
(24:28):
out I'm behind on my news. This was,
like, a week and a half ago for
when I'm recording this, but
this one, I found interesting. So
back
November,
so a couple years ago no. A year
and a half ago, Microsoft
unified
or not necessarily unified,
but pulled Microsoft
(24:49):
Sentinel
into Defender XDR or the Defender portal, security.microsoft.com,
so that you could go into Defender
and
add Sentinel in there. You can manage Sentinel.
You can write your Sentinel queries. Like, almost
the full
interaction with Sentinel, right in Defender. Well, come
07/01/2025
now, Microsoft announced that they are moving to
(25:12):
the next phase of the transition
with a target to retire the Azure portal
for Microsoft Sentinel by 07/01/2026.
So gave you twelve months
where
Sentinel's
just gonna go away in Azure at least
from the portal aspect. Like, this is one
(25:32):
that I wanna see where this goes. Say
customers not using the Defender portal should plan
their transition accordingly.
I mean, I have a few thoughts here.
One, this makes sense. Right? Let's unify
security
in the security center. Let's make one portal,
security.microsoft.com,
to do all the security stuff. I mean,
(25:52):
it's single pane of glass. Right. That's a
good thing from an experience perspective, right, especially
if you are Yes. The folks who have
to wrangle and manage these services. Like, they
they have been
fairly disparate, and I think that does make
it tough. So, yeah, putting them all under
the Defender umbrella
makes sense. It's probably
more about the way the capabilities manifest within
(26:13):
there, right, like, depending on how you interact
with them and how they come across. So
It'll be interesting to see because Sentinel is
really I don't wanna call it
an add on, but it kind of is.
It's almost like an add on to log
analytics. Like, it sits on top of
a log analytics workspace,
Azure Monitor workspace,
however you wanna describe it, to the point
(26:36):
of, I've done this before, Scott. I don't
know if this is supported or not, so
nobody do this and tell me that it's
unsupported. It may or may not be. Where
I've had to move Sentinel from one Azure
subscription to the next because it is tied
to a subscription or resource group, all of
that, you can actually uninstall
sent you can't move Sentinel from one subscription
to another, but you can uninstall Sentinel from
(26:58):
your log analytics workspace,
move the log analytics workspace, then reinstall Sentinel
on top of the log analytics workspace to
move it. But that leads to there's a
lot of Azure y stuff yet involved in
Sentinel from the log analytics workspace.
Sentinel is still a
pay per use type of
construct
based on an Azure subscription. And, like, are
(27:19):
they gonna pull this in where it's gonna
be similar to, like, the SharePoint
I think it's still called Syntex, but it's
essentially all the SharePoint
PAYGo stuff where now you're still gonna have
to, like, tie your security
center to an Azure subscription
so that you can do all the PAYGo
stuff. And there's also a few things yet
within Sentinel. I had it up here. Where'd
(27:40):
my Sentinel go? Like, the workspace
manager where you can manage multiple
Sentinel workspaces
within Sentinel.
And
some of these,
I would say, they're more intricacies of Sentinel
that aren't there yet in Defender for now.
Again, my assumption is they're gonna bring all
that stuff over. They're gonna start
(28:00):
migrating all the UI over, but it does
still leave me with some questions on how
some of that's gonna work a year from
now. Like all things, you see a little
bit more of some of the stuff that's
been pretty thematic lately where, like, with these
SaaSy products or it's software as a service,
and it's moving around and doing those kinds
of things.
I imagine over time, it all gets incorporated
(28:23):
in a similar way,
hopefully, without too much, like,
who moved my cheese kinda pain along the
way. Yeah. And Microsoft's gonna start redirecting you.
So they say in here preparing for the
retirement.
They're committed to supporting every single customer making
that transition, Scott. But beginning July
1,
so twelve months from now, users are gonna
(28:44):
start getting automatically redirected over the security center.
If you haven't done it now, like, I
also encourage you if you haven't done this
yet, you can already connect the two. If
you're using Sentinel, go into your security center
and connect it all up because it does
give you that single pane of glass, single
place to go. I'm also curious with this,
Scott, how close behind
(29:06):
Microsoft Defender for Cloud will be because that's
going to be the remaining
security construct.
So that was a question
in the back of my head, right? There's
a whole ton of stuff under Defender for
Cloud, which is
100%
Azure only, like
and doesn't
manifest in any other way, at least
(29:27):
I'm maybe a little close to home for
me in storage land. There's Microsoft Defender for
storage, which is part of Defender for cloud,
and that's Defender for Azure storage. That's not
Defender for
for
every other object storage provider that's out there
kind of thing. So
I don't know, but I I one one
would wonder because Defender for Cloud is, like,
(29:48):
the whole other part of the issue that
still hasn't dropped. I would speculate.
I would dare to bet that we will
see an announcement
sometime in the next year. Because in the
next year, we've got Ignite coming up. We
have different events coming up. We got another
Ignite, a build. Yeah. Yep. I would guess
one of those, we're gonna see some type
of announcement, not that Defender for Cloud is
(30:10):
retiring, but that it starts getting pulled into
Security Center. To me, it makes sense.
It started. I would say Defender
I call it Security Center. It's not even
Security Center anymore. Microsoft Defender started as security
and compliance for Microsoft March.
But even as you look at it now,
like, you have your vulnerability management for your
endpoints on there. You have Sentinel in there
(30:33):
now.
You have different exposure management,
Defender for cloud apps.
Security Center already has started transitioning,
I would say or Defender. I need to
call it the right thing. Microsoft Defender
already has started transitioning to a broader
this is your Microsoft cloud
security
(30:53):
portal for all things, for endpoints,
for identities.
Because let's face it, we say Defender for
Cloud is the whole Azure aspect of it,
but you're still gonna have identities,
which are already in Defender.
So it kinda
makes sense that we would just see all
of these
Defender for Cloud, Sentinel,
all the Microsoft three sixty five security stuff,
(31:15):
like a single
portal for all things Microsoft cloud security? Yeah.
The single pane of glass isn't bad. I'm
not saying there's anything bad about it. I
do wonder sometimes about just the
the spread of services that show up because
I think in a lot of organizations,
the folks who do security,
it's one thing to say we have a
(31:36):
security org, but I would bet within most
security orgs you have the folks who work
on identity,
and you have the folks who work on
endpoints,
and you have the folks who work on
your
even your differentiated endpoints, maybe just like your
virtual machines or your cloud hosted things. So
that still seems pretty prevalent. And so so
(31:56):
I do wonder how that manifests in a
single pane of glass experience. Right? Like, does
this thing eventually get our backed to the
end
of nothingness where you come in and, like,
hey. I log in, and I'm only an
admin for Defender for cloud, and, specifically, like,
all I can see is storage accounts. Like,
does now that home page just become a
blank page and a blank view for me
kinda thing? So,
(32:18):
yeah, I don't know. We'll see how it
manifests over time. I'm sure there's somebody else
who's getting paid way more money than you
or I to think about it. So I
mean, I think it does. You already have
it somewhat. Like, you can go in already
to your security center and your permissions and
look at roles for cloud apps. Because this
is another one that's kinda been
rolled in over time as Microsoft Defender for
(32:39):
cloud app or it used to be cloud
app security, MCAS, Microsoft cloud app security, where
you can now go in and set roles
for,
different cloud discovery,
or there's security operator roles. There's app instance
roles. Is that every global admin? So I
think you're right in that you start like,
there's a whole section for endpoint roles and
(33:02):
what roles you wanna assign people for endpoints
and defender.
So I think you are gonna see that
RBAC come into play where people are going
to
you could still limit people to just certain
security roles in the Defender portal. I think
it's one of those things we'll have to
watch over the next year, two years depending
on if timeline shift, things like that? This
(33:23):
was an interesting one. I'm actually kinda looking
forward to this, keeping an eye on this,
how it manifests itself over the coming months.
I think it's great for you, like, as
a service provider. Right? Like, if you could
hop into a customer's environment, get access, have
that one stop shopping and that, like,
great, like, top down view of everything that's
out there. Like, that that that's all goodness.
(33:44):
I think I'd wanna see the balance between,
like, folks like you doing that kind of
activity versus
maybe far more granular, like, hey. I'm down
here, and this is, like, the one part
of the sandbox that I play in. I
don't care about seeing cloud apps and email
and collaboration
and identities because to your point, all I'm
worried about is endpoint or all I'm worried
about, even within endpoint,
(34:05):
is IoT security. That's a thing as well
in some big companies where people are just
focused on security for IoT. Yeah. Makes sense.
Alright. Turns out we made it through another
one. We did. And we still had a
topic or two to talk about that we'll
have to maybe talk about later. But I'm
also excited
to talk about MCPs, Scott. I've been playing
with these. We started talking about this a
(34:26):
week ago. I've been planning for this episode,
Scott. I've got all kinds of thoughts.
Yeah. Teaser. Did I put something on your
list that you're actually into? Oh, yeah. You
absolutely put something on my list. I should
have been doing client work last night. Instead,
I was up from, like I don't know.
I put the kids to bed at nine.
I think I was playing with just different
MCPs and playing around with some things from,
like, 09:00 until, like, 12:30 or one last
(34:49):
night.
Perfect.
We'll have to talk about, like, how many
ports are open for weird little MPM servers
running on your local desktop.
But we'll leave that for we'll leave that
for another episode.
Teaser for upcoming episodes,
MCPs, or if you have questions.
So if you're still listening and you have
questions about MCPs or thoughts about MCPs
(35:11):
that you would like covered in a future
episode, Let us know. Reach out LinkedIn,
contact form on the website,
book a meeting with me now that you
can do that on my website, and then
I will send researcher after you to learn
all about you.
However you would like to reach out via
the social media or website, if there's anything
you wanna know, we'll include
(35:32):
questions, comments in our MCP episode when we
record that one. But until next time
Sounds good. I'm gonna go keep playing with
MCP, so I got a whole bunch more
to talk about.
Perfect. Alright. Thanks, Scott. We'll talk to you
next time.
If you enjoyed the podcast, go leave us
a five star rating in iTunes. It helps
(35:53):
to get the word out so more IT
pros can learn about Office three sixty sixty
five and Azure.
If you have any questions you want us
to address on the show, or feedback about
the show, feel free to reach out via
our website, Twitter, or Facebook.
Thanks again for listening, and have a great
day.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.