Copilots, Chaos and Control: Getting Real About AI Productivity

In this Fun, no‑filter session, Laura and Claire put multiple Microsoft Copilots through their paces to show how everyday business users can actually get work done faster in the new world of AI. They will contrast “AI magic” with good old‑fashioned automation, proving that simple rules, flows, and templates still quietly solve a huge chunk of real problems alongside Copilot‑powered experiences in Microsoft 365, Power Platform & Power BI.

Through live demos, honest commentary, and a few deliberate “AI fails,” you’ll see what Copilots are brilliant at, where they fall short, and how to combine them with lightweight automation to get reliable, repeatable outcomes instead of AI theatre.

The session will also lift the lid on security and data reality: what Copilots can see, where the real risks lurk, and how to avoid turning an access‑permissions mess into an AI‑powered data leak. You will hear practical, plain‑English guidance on mitigating risk with sensible permissions, data classification, and governance so you can say “yes” to AI without losing sleep. Finally, Laura and Claire will share a simple, repeatable checklist to prepare you & your data and content so Copilots look smart instead of confused, helping your organisation get value from AI faster.

What you’ll walk away with
By the end of this session, delegates will:

Understand the different types of Microsoft Copilots available to business users and where they appear in day‑to‑day tools (email, documents, data analytics, line‑of‑business apps).

Know when to reach for Copilot versus simple automations and how they can work together instead of competing.

Recognise common security and data‑governance risks when using Copilots and have practical steps to mitigate them.

Have a clear, non‑technical checklist for preparing content and data so Copilot responses are more accurate, relevant, and safe.
!
Come and Enjoy Laura and Claire break everything so you don't have to !

Agents Under Control: The Admin Playbook for Copilot Agents

Creating a secure foundation with governance guardrails for Copilot Studio & Copilot Studio Lite agents requires an in-depth understanding of technical capabilities across multiple platforms, portals, and technologies, from Microsoft 365 to the Power Platform Admin Center and from Purview to Entra ID.

Getting to grips with all of this complexity can be difficult and confusing!

This session unpacks the essentials of:

* Tenant-level technical foundations & environment strategy
* Connectors, knowledge sources, and publishing controls
* Agent lifecycle & ALM patterns
* Monitoring and analytics
* Data security, audit logging & compliance

We’ll provide you with a clear, practical understanding of how to put effective guardrails in place without slowing innovation. We’ll share real-world patterns for bringing order, visibility, and control to your organization’s agent landscape.

You will take home with a clear picture of the key tools and practices for helping your organization (or a customer) sustainably and securely build agents in Copilot Studio and Copilot Studio Lite.

This session is well-suited for Power Platform and agent admins, architects, and IT Pros seeking a compelling look at an effective strategy for agent security and governance.

Agent security and governance 101

Creating a secure and governed framework for Power Platform, Copilot Studio & Copilot Studio Lite agents takes in-depth understanding of technical capabilities spread out over multiple platforms, portals and technologies, from Microsoft 365 to Purview and from Power Platform Admin Center to Entra ID.

In this tutorial, immerse yourself in the fundamentals of agent governance and security, including:

* Managing sprawl - or why you should govern your agents like cattle, not pets
* Laying the technical foundations for your tenant and environments, incl. building or tweaking your environment strategy to facilitate sustainable development of agents
* Making the Dataverse security model work for you & your agents
* Managing connectors, knowledge sources, agent authoring and publishing channels
* Agent lifecycle & ALM patterns
* Agent monitoring & analytics
* Data security, audit logging and related considerations
* Governing and securing advanced scenarios like agent-to-agent & MCP

During the day, seasoned pros will guide you through effective and practical agent security & governance patterns and practices, while providing experience-based tips and stories from the field to illustrate the discussed topics.

This tutorial is well-suited for Power Platform and agent admins, architects and IT Pros wanting to get a compelling look at an effective strategy for agent security and governance.

Advanced security for agents with Defender and Entra GSA

As agents transition from technical novelty to mainstream digital employees handling high-value tasks across organizations, security and governance measures have to keep pace.

In this session, we walk through advanced capabilities from Entra and Defender that help defend against attacks on mission-critical agents by incorporating capabilities like web content filtering and threat intelligence with Entra GSA and runtime protection with Defender for Cloud Apps. We also explain why privilege escalation is a real risk to consider and why you need to carefully consider which identities agents use to access resources through connectors.

Finally, we take a look at security considerations related to conversation transcripts which Copilot Studio agents store in Dataverse. Transcripts can contain sensitive data ranging from PII to confidential business plans which means you now need to take Dataverse access management and auditing seriously.

This advanced session takes aims to help you get a realistic grip on cutting edge security capabilities for agents. You will take home a clear idea on when to look at adding an additional layer of security to your agent, as well as an understanding of the pre-requisites and mitigated risks.

The session is well-suited for those working with agents and/or security, as well as anyone looking to get an update on the cutting edge of agentic security.

A Mad Scientist’s Guide to Testing M365 Copilot and Copilot Studio Agents (Without Iosing your job)

Testing and breaking Copilots without code to understand what your governance and agent controls are missing.

Everyone is shipping AI. Almost no one is testing it.
And those who are… have the thousand-yard stare of people who’ve seen a model rewrite HR policy at 2 a.m.
Your organisation just unleashed Copilot licences on thousands of unsuspecting users. Somewhere in the building, three Copilot Studio agents were stitched together late last Tuesday. Two can email customers. One can read finance data. None of them have been tested. At all.
This session is for the brave experimenter now responsible for that creature.
Together we’ll descend into the lab and become the agent’s least favourite person: the one who breaks it on purpose—before someone with a Reddit account, a grudge, and a free afternoon does it for you. You’ll see why chat-based Copilot and action-based agents are entirely different species, why most disasters aren’t caused by brilliant attackers but by boring sludge (a 300 page PDF, a forwarded email chain, a forgotten SharePoint site), and why “it worked in the demo” is the most expensive sentence ever spoken in enterprise AI.
Expect two live experiments. No code. No smoke machines. Just consequences.
• Experiment One: We gently poison an HR Copilot Studio agent using a single SharePoint document and watch it cheerfully violate its own rules. Then we stabilise the specimen using configuration alone.
• Experiment Two: We wire two agents together and observe what happens when a harmless looking summary step quietly launders a prompt injection between them. One guardrail later, the monster behaves. Same input. Completely different outcome.
Along the way we’ll dissect:
prompt injection without the scary jargon, the four kinds of tests most teams mysteriously skip, the ethical decisions hiding behind perfectly innocent configuration toggles, and what really changes the moment you let agents talk to each other (spoiler: your bill screams first).
It’s technical. It’s entertaining. You will leave with a test plan small enough to actually run on Monday—no torches required.
________________________________________
What You’ll Take Away 🧪
A five minute surface map
Four questions you must answer before any test plan exists:
what your agent can read, what it can write, who it thinks it is, and who is allowed to talk to it.
The four tests teams pretend they don’t need
Functional, behavioural, adversarial, and evaluative testing—plus concrete examples for both chatty copilots and action wielding agents.
A reusable adversarial playbook
Six cheap, repeatable attack patterns you can unleash on any Copilot or Copilot Studio agent:
direct override, indirect injection, role play laundering, scope drift, tool coercion, and output smuggling.
How to break agents without touching code
Using only materials a normal user can produce: documents, emails, transcripts, and “helpful” knowledge sources no one groomed.
A multi agent failure mode checklist
Prompt laundering, identity confusion, runaway loops, silent disagreement—what they look like, why they happen, and how to test for each before they escape the lab.
A six step test plan you can steal
Small enough to fit on a single page. Tough enough to survive a model update on a Tuesday morning.
Clearer sight of the ethics panel you never convened
Groundedness vs honest uncertainty. Helpful retrieval vs oversharing. Autonomy vs ask first—each hiding behind a deceptively friendly checkbox.
________________________________________
Who Should Attend 🧠
Solution architects, makers, admins, governance leads, and the QA curious.
Anyone who is now responsible for an AI system they didn’t build, don’t fully control, and can’t quite see inside.
Bring scepticism.
Leave with a checklist.
And maybe label your switches more carefully.

"Low Code, High Chaos: Taming the Shadow IT Beast"

Buckle up, business and tech leaders. We're about to embark on a wild ride through the untamed jungle of Low Code. In this action-packed 50-minute adventure, we'll explore the double-edged sword that's revolutionizing business processes while simultaneously giving IT departments nightmares.
Low Code platforms promise to empower citizen developers and accelerate digital transformation. But as these tools proliferate across departments faster than you can say "drag-and-drop," a new form of Shadow IT is emerging, threatening to plunge your carefully crafted tech ecosystem into chaos.
Join us as we:
Uncover the hidden dangers lurking in the Low Code undergrowth, based on years of experience with small, medium and enterprise clients.
Reveal shocking tales of real clients where governance has gone wrong
Equip you with battle-tested strategies to manage the mayhem
You'll leave this session armed with practical tips to harness the power of Low Code while keeping your IT landscape from descending into anarchy. Don't miss this chance to stay ahead of the curve and turn potential pandemonium into productivity.
Warning: This session may cause sudden urges to implement robust governance frameworks and revaluate your entire Low Code strategy. Proceed with caution – and a sense of humour!

Being Neurodiverse is not as rare as we think it is

It is estimated 15 to 20% of the population are neurodivergent. Quite a few neurodivergent people like problem solving, work well with numbers and have a flair with computers so in the IT world that percentage is going to be higher. So the chances are your team, your workplace even your family will include a few neurodivergent people. And every possibility they haven’t told anyone.

How do we as a community, a company or a family create an inclusive team to include them? How does a heavily neurodivergent team include a neurotypical personality into the team?

How does being neurodivergent affect our mental health? How do we explain “my brain doesn’t work like that” without sounding mad or just giving excuses? How do we create a balance between it being seen by some as a disability and others as a superpower? We will share our experiences, the current theories and look forward to hearing yours.

Power Platform Best Practices in Architecture

The Power Platform has emerged as a game-changing suite of tools for building low-code applications and automation, enabling organizations to accelerate their digital transformation journey. However, harnessing the full potential of this platform necessitates a solid architectural foundation. The "Power Platform Best Practices in Architecture" workshop comprehensively explores architecting solutions on the Power Platform and beyond. Whilst not Lab based this is an interactive session, with use cases, quizzes, team and individual use case projects.

The workshop encompasses various topics, addressing fundamental and advanced aspects of Power Platform architecture. Participants will gain insights into the significance of extending the Power Platform's capabilities and how it fits into the broader enterprise architecture landscape.

One of the critical dimensions of this workshop is defining the distinct roles of software architects, solution architects, and enterprise architects in the Power Platform context. Moreover, the session explores the roles of development architects and admin architects, shedding light on how they collaborate to create robust solutions.

The interplay between applications and data is a pivotal theme in this workshop, as attendees will learn to choose the right data source for the job, including SharePoint, file-based storage, Dataverse, and databases. Likewise, they will discover how to choose the most suitable app type for specific scenarios, whether it's SharePoint forms, Canvas apps, or Model-driven apps.

Integration with Azure services and other backend systems is another significant aspect of this workshop. Participants will delve into integration scenarios and gain the knowledge to select the optimal Azure service, such as Azure Functions, APIs, or Service Bus, to connect Power Platform solutions with external services seamlessly.

A strong focus on reusability, maintainability, and fostering an open-minded approach to architecture will be emphasized throughout the workshop, equipping attendees with the tools to craft solutions that stand the test of time.

Real-world use cases and the opportunity to review others' work in architecture add practical depth to the workshop. Attendees will learn from both exemplary and cautionary examples, enabling them to understand the "good, bad, and ugly" in solution architecture.

The "Power Platform Best Practices in Architecture" workshop offers an in-depth exploration of architecting solutions on the Power Platform. With a blend of theoretical insights and practical wisdom, participants will be empowered to design robust, scalable, and future-proof solutions that leverage the full potential of the Power Platform.

Workshop Prerequisites 🛠️

For this workshop, some experience with Power Platform is recommended, whether you're a developer or an architect. While laptops are not required, feel free to bring them along for note-taking or research. The session will be a mix of theory, demos, and practical exercises based on real-life scenarios. You'll also have the chance to participate in both individual and group activities, where you can share your experiences and discuss best practices with others.

Looking forward to seeing you there!

Fabric - What is it and why should Power platform care.

Join us for an Fun, demo laden workshop, designed for those eager to deepen their understanding of Microsoft Fabric and its transformative impact on the Microsoft Power Platform. This session is tailored for Developers and Architects who are ready to dive into the "power" of Fabric teamed with Dataverse.
In this level 200 workshop, we will explore the core functionalities of Microsoft Fabric, what are the key components and what's changed and review the architecture behind it and how that impacts Power platform. Including Data exports from Dataverse, Day to day PowerBI analytics and reading from Fabric with Virtual tables.
Key Topics:
Understanding Microsoft Fabric:
Discover the architecture and components of Microsoft Fabric, including its role as a centralized hub for data analytics,
Deep Dive into Data Exports:
Explore how Microsoft Fabric integrates with the Power Platform to streamline workflows and enhance data accessibility. Dive into Data Exports to Fabric with a live demo, understand what the "Link" means. Discuss Power BI options for data modeling from Dataverse.
Using Fabric in Power apps and automations:
Look at options including Virtual tables to read data in the Apps and automations with a live demo.
Recap the key benefits of combining Fabric and Power Platform:
Discuss the Limitations and best practices , as well as how Fabric can help Data management and reduce costs.
Takeaways:
Better understanding of what Fabric is and how it can be used with power platform, the risks, mitigations and benefits of combining with power platform in your solutions.

Enhancing Microsoft Fabric with Power Automate

Enhancing Microsoft Fabric with Power Automate
Microsoft Fabric can ingest, transform, store and then let the business analyse the data to make those important data driven decisions. The toolset includes ways to orchestrate and schedule the data journey from raw to a conformed layer and onto a reporting layer. So what does Power Automate bring to the table to enhance this?

Lets start with demonstrating how Power Automate Desktop can interact with that old legacy system to fetch the data ready for Microsoft Fabric to ingest. Then onto how to use AI Builder to extract data from documents and into Microsoft Fabric. Next we will move onto showing how Power Automate can enhance orchestration of the data journey from raw to conformed. Finally we will look how Data Activator and Power Automate work together to enhance the reflex to act in custom ways. Interweaving as we go the governance and security issues that we should be aware of.

Fun filled demo-rich session from experts in the Microsoft Fabric and Power Platform stack. Every demo will have blogs and YouTube videos supporting them.

Weave your own Fabric and Power Platform Solution

Come join us for a hands on workshop day exploring and building with Microsoft Fabric and Power Platform. Weaving together these exciting low-code platforms to create real working solutions for a business use case.

In this workshop we will take a real business problem and work through a design and straight into building the solution. You will get a chance to work with data in Fabric and Dataverse together. And then bring ing Apps and Flows from Power Platform to add that business interaction and of course Power BI to report on it all.

A fast, fun, demo filled workshop showing Power Platform and Fabric working together at their best.

Securing and Monitoring M365 Copilot, Copilot Studio and Azure AI

This session dives deep into the latest strategies and tools to manage the new challenges of AI infused data residing in our tenants.

Using a mix of architecture, use cases and demos, we will explore how Microsoft Purview, along with other out-of-the-box tools, can be harnessed to locate and safeguard your data.

M365 Copilot and agents - understand the architecture and where the data model and data are held, alongside what tools are available today to both secure and monitor.

Copilot Studio and Agents - review typical architectures to understand both the security risks and how to access the data from an analytics perspective. Then review with Purview and Copilot Hub what methods can be used to tag and secure our AI data. Including when building Agents and extensibility.

Role based Copilots like Copilot for Sales and service, what if any differences in data management do we have to consider

Azure AI services and Azure Open AI, review the risks and data management techniques available as well as what's on the road map.

Throughout this session I will give use cases and scenarios to help you understand both the risks and mitigations, as well as where there are opportunities for Analytics and further reporting.

Whether you are an IT professional, security expert, or a business leader, this session will equip you with the knowledge and tools needed to navigate the complexities of securing and monitoring your AI and cloud environments. Don’t miss this opportunity to stay ahead of the curve and ensure your organization’s digital assets are protected.

This session is primarily a security topic, but is also of interest to admins , and IT leaders being asked how to manage this AI mess. Data teams will also have an interest in data locations and possibilities to monitor the AI data.

Bringing Calm to the Agentic Chaos

Discover what is needed to secure and govern solutions and data with the Microsoft Copilot Family, from Sharepoint agents to copilot studio to AI foundry. This session looks at what tools and steps are available to help secure data, when using Copilots, what to look out for and how to remain compliant in the face of the AI onslaught. Looking at how Microsoft Purview with M365 and power platform support security best practices. Manage PII data and who can see what and who can share what.
This session looks at Auditing, Information protection, Compliance communication, Data loss prevention, data lineage and how they can be used to ensure M365 Copilot and Copilot studio stay compliant, whilst also monitoring and protecting your business.

aimed at Admins and security teams , this session is also applicable to IT Managers and CISOs. it can be compressed into a 30 min slot or with full demos and example last up to 4 hrs, depending on session. typically delivered in 50-60 mins for a good all round security overview

Secure and sustainable vibe development - top risks and mitigations

Low-code/no-code platforms and AI-assisted tooling have lowered the barrier of entry to solution development for a significant number of people. While this represents a major leap forward in enabling business to create their own tooling and enhance productivity, unchecked "vibe development" also causes significant security and compliance risks, as well as new governance challenges.

In this session, we highlight key risks such as authentication failures and authorization misuse, sensitive data leakage and use of vulnerable components, among others. We suggest effective mitigations and remedies for each risk from the Power Platform admin toolkit, showing how to use the latest Microsoft features and capabilities to implement guardrails against the hazards of AI-boosted development.

Topics such as MCP server controls, Agent to Agent guardrails and the latest security and governance features for Copilot Studio agentic scenarios will be discussed.

If you're a technical specialist, platform responsible or decision maker wondering how to grapple with the temptations and dangers of vibe dev, this session is an excellent fit for you. You will leave with clear action points to explore and implement to help manage relevant risks.

The content is informed by the speakers' field experience and the freshly released OWASP Top 10 risks for Citizen Development.

The speakers are part of the review team for the latest OWASP Top 10 risks for citizen dev paper and as such, are looking to share the most important findings in session form, turned to practical Power Platform demos and guidance.