This week Richard, David, and Cyrus cover agent governance, Copilot adoption pressures, AI memory architecture, and a prototyping workflow that bypassed design tools entirely. David walks through two tools from Meryl Fernando for querying Microsoft Graph via MCP, Microsoft's open source Agent Governance Toolkit and its response to the OWASP agentic AI top ten, and MemPalace, an AI memory project with an unexpected connection to The Fifth Element.

Richard looks at what the Copilot adoption numbers mean going into Microsoft's Q3 earnings, shares a prototyping workflow that produced a high-fidelity demo using GitHub Copilot and Claude instead of PowerPoint or Visio, and notes the Sentinel portal migration deadline has moved again to March 2027. Cyrus covers the security updates at pace, closing with a striking data point: 61% of C-suite leaders surveyed say their AI model assets or data have already been compromised.

Blog
The Microsoft Cloud Blog

YouTube
Cloudy with a Chance of Insights - YouTube

Soicials
Twitter / X
BlueSky
LinkedIn
Threads
Facebook

Music
Null Invocation: Monochrome Pulse
Monochrome Pulse on Soundcloud

For all the links to the articles etc, please visit the companion blog site.
The Microsoft Cloud Blog

Episode 31 of Cloudy with a Chance of Insights, the fortnightly Microsoft Cloud podcast with Richard Hogan, Cyrus Irandoust, and David Rowley. This week: a cluster of end-of-support deadlines that deserve more attention than they're getting, IBM and Microsoft private preview work on Sentinel Lake and custom security graphs that Richard can finally talk about, why Power Platform's own governance team admitted the model is broken, and an honest first-week account of Claude Code from someone who burnt through the daily token limit in 90 minutes.

Extended support for Windows Server 2016 ends January 12, 2027, and the Microsoft article announcing Extended Security Updates references Azure Arc as the delivery mechanism — which David flagged as either an intentional positioning move or a drafting oversight worth questioning. Also in the frame: SQL Server 2016 ESU ending July 2026, Server 2012 extended security updates ending October 2026, and SQL Server 2014 following in July 2027. These workloads are stable, quiet, and being systematically deprioritised in favour of AI projects. That combination rarely ends well.

Since October last year, IBM has been working with Microsoft on the private preview for Sentinel Lake and custom graph builds — ingesting asset data from Tenable, Qualys, and ServiceNow to surface connections that standard KQL queries would never surface. Richard covers the architecture, the friction points (VS Code as the only real interface, GQL instead of KQL, scheduled jobs, cost implications for data freshness), and what the Graph Explorer in Defender is going to change when it arrives. Custom graphs moved to public preview on April 1st.

A blog post from Ryan Jones on the Power Apps team published April 1st effectively acknowledged that traditional governance models break down when something can be built and deployed in a day. Pair that with figures suggesting nearly 30% of enterprise employees are already using unsanctioned AI agents, and Agent 365 heading toward GA in May, and the gap becomes difficult to ignore.

Cyrus covers proactive user containment reaching general availability as part of Defender XDR's predictive shielding feature — containment at the endpoint layer, not a simple Entra disable — and the shift from MDM to declarative device management for Apple devices in Intune, a change driven by Apple but with real implications for anyone managing iOS, iPadOS, or macOS at scale.

Richard's unfiltered first-week take on Claude Code: token consumption, peak and off-peak limits, VS Code integration differences, and why coming from a GitHub Copilot world will catch you off guard faster than you expect.

• Windows Server 2016 end of support announcement
• Microsoft Sentinel custom graphs public preview
• Power Platform adaptive governance framework
• What's new in Microsoft Defender XDR

Subscribe for a new episode every two weeks. Recorded this week with Cyrus and David technically on annual leave, which probably explains the vibe.

As AI tools make it increasingly easy to build something “good enough”, this episode asks an uncomfortable question: where does real differentiation actually sit now?

We use recent Microsoft Cloud updates as a starting point, including certification changes, early moves to treat AI agents as identities within Zero Trust, and a series of security and governance shifts across Purview, Defender, Entra, and Intune. Those threads lead into a deeper discussion about identity as the real perimeter, post breach tooling built on Microsoft Graph, and why AI assisted development is starting to flatten outcomes rather than improve them.

The conversation then turns toward vibe coding and the future of applications. If building tools is this easy, what does an app even mean anymore, and how do organisations avoid repeating old governance mistakes, just at AI speed?

Blog
The Microsoft Cloud Blog

YouTube
Cloudy with a Chance of Insights - YouTube

Soicials
Twitter / X
BlueSky
LinkedIn
Threads
Facebook

Music
Null Invocation: Monochrome Pulse
Monochrome Pulse on Soundcloud

For all the links to the articles etc, please visit the companion blog site.
The Microsoft Cloud Blog