I spent a solid hour last month watching a declarative agent ignore an API plugin I’d wired up. The instructions were clear, the manifest looked right, the OpenAPI spec was valid. Every prompt came back with a confident answer that had nothing to do with my data. Copilot was making things up rather than calling my endpoint, and I had no idea why.

Then I typed -developer on into Copilot Chat, and the mystery evaporated in about thirty seconds.

Seeing the Orchestrator Think

Developer mode is a built-in debugging tool in Microsoft 365 Copilot Chat. Type that command and every response from your agent comes back with a debug card — a detailed breakdown of what the orchestrator did behind the scenes to produce its answer.

The card shows three things that matter. First, agent metadata and capabilities: which knowledge sources are active, whether web search is enabled, and the identifiers you need for tracking a specific conversation. Second, function matching: did the orchestrator consider your API plugin’s functions relevant to the user’s prompt? Third, execution details: if a function was selected, what HTTP request did Copilot actually send, what response came back, and how long did it take?

That last section is where most of the debugging value lives. You can see the endpoint that was called, the request headers with auth tokens redacted, and the full response body. When something fails, you’re reading the receipt — not guessing.

The Problem It Actually Solves

Before developer mode, troubleshooting a misbehaving agent in Copilot meant staring at manifest files trying to work out what went sideways. Your agent returned a wrong answer and you couldn’t tell where the chain broke. Was the orchestrator not matching your function? Matching but failing on auth? Getting bad data back from the API? The orchestration layer was a black box.

Now you see exactly where it breaks. In my case, the debug card showed “No matched functions” — meaning the orchestrator never even considered calling my API. The problem wasn’t auth or endpoints or response formatting. It was my description_for_model field. The description said “Returns project data” but my prompt asked “What’s the status of the Henderson build?” The orchestrator couldn’t bridge that semantic gap.

I rewrote the description to cover the ways people actually ask about project status, and the next prompt hit the API cleanly.

Where It Fits in Your Workflow

Developer mode works directly in the browser. Open Copilot Chat, select your agent, type -developer on, and start testing prompts. If you’re using the Microsoft 365 Agents Toolkit in Visual Studio Code, press F5 to launch your agent and the same command activates in the chat window. The debug panel in the toolkit gives you a matching view with downloadable diagnostic logs.

A couple of patterns worth knowing: when the debug card shows “No functions selected for execution,” your function descriptions likely aren’t semantically close enough to the prompt. When it shows a function was selected but execution failed, the HTTP status code in the card usually tells you what went wrong — a 401 means your OAuth registration doesn’t match, a timeout means your API needs to respond faster.

What I’m Watching

Microsoft keeps expanding what the debug card reveals, and the Quick Copy feature now lets you export the full debugging JSON to share with a colleague or attach to a support ticket. For anyone building agents that connect to external APIs through Copilot, this is the single most useful diagnostic tool in the stack. It turns “something’s broken” into “here’s exactly what happened, and here’s why.”

If you haven’t typed -developer on yet, start there.

1. Microsoft Learn — Test and debug agents using Developer Mode https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/debugging-agents-copilot-studio(opens in new window) The primary documentation page. Covers enabling/disabling developer mode, the debug info card fields, troubleshooting common failures, and how to report issues.

2. Microsoft Learn — Test and debug agents in Microsoft 365 Agents Toolkit using developer mode https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/debugging-agents-vscode(opens in new window) Focuses on using developer mode alongside the Agents Toolkit in VS Code (F5 launch, debug panel, diagnostic logs).

3. Microsoft 365 Developer Blog — Introducing the agent debugging experience in Microsoft 365 Copilot (April 9, 2025) https://devblogs.microsoft.com/microsoft365dev/introducing-the-agent-debugging-experience-in-microsoft-365-copilot/(opens in new window) The GA announcement post by Carol Mbasinge Kigoonya. Covers new features including agent configuration insights, execution monitoring, latency tracking, and Quick Copy Debugging JSON.

4. Microsoft 365 Roadmap — Feature ID 474450 https://www.microsoft.com/microsoft-365/roadmap?featureid=474450(opens in new window) The original roadmap entry for Copilot Chat developer mode, listed as GA from January 2025.

5. Microsoft Learn — Set up your development environment for Microsoft 365 Copilot https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/prerequisites(opens in new window) Broader context on the Copilot development environment, licensing, and extensibility options that developer mode supports.

• Introducing Microsoft 365 Business with Copilot: The new standard for small business(opens in new window) Microsoft is launching two new small-business SKUs on 1 July — Business Standard with Copilot and Business Premium with Copilot — with Copilot built directly into Word, Excel, PowerPoint and Outlook. They add 1,000+ connectors (Shopify, Xero, Docusign and more), “Work IQ” business context, and access to OpenAI and Anthropic models. Built-in security controls like sensitivity labels and access revocation ensure Copilot only surfaces what each user is permitted to see.

• Introducing a new design for Microsoft 365 Copilot(opens in new window) Microsoft has redesigned the Copilot experience across Microsoft 365, turning the prompt line into a task-aware workspace with a single consistent entry point across apps and a progressive-disclosure interface. Performance improved with load times cut by more than half and complex prompts answering ~10% faster, alongside new agentic modes (Designer, Researcher, and in-app Word/Excel/PowerPoint agents). Microsoft reported usage gains of Word +27%, Excel +33%, PowerPoint +43% and Outlook +30%.

Security / Industry News

• The Gentlemen ransomware: Dissecting a self-propagating Go encryptor(opens in new window) Microsoft Threat Intelligence analysed “The Gentlemen,” a ransomware-as-a-service threat (operators tracked as Storm-2697) written in Go that uses per-file Curve25519 + XChaCha20 encryption and spreads aggressively through lateral movement. It employs double extortion, disables Microsoft Defender, and deletes shadow copies and logs to hinder recovery. Activity has been observed globally across education, transport, healthcare and finance sectors.

After hours

Mark Rober’s $60 Million Science Experiment – https://www.youtube.com/watch?v=RDFGkBE2O50

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

I keep hearing the same thing from MSPs and IT pros when GitHub Copilot CLI comes up.

“That’s a developer tool, right? Not for me.”

No.

That’s the assumption I want to push back on. If you spend any time at a terminal — running PowerShell against a tenant, poking at logs, scripting an onboarding — Copilot CLI belongs on your machine.

And once you bolt Work IQ onto it, your terminal stops being a code playground and starts being something genuinely useful for the M365 work you already do.

What is GitHub Copilot CLI, really?

It’s an AI assistant that lives in your shell.

You install it, run copilot, and start typing in plain English. It proposes commands, runs them with your approval, edits files, reads repositories — and it holds context across the whole session. Every action waits for your tick before it executes, which I appreciate. Nothing happens to your machine without you saying yes.

Think of it less as a coding tool and more as a terminal pair who never gets bored and never forgets the exact git syntax you can never remember.

Step-by-Step: Getting Copilot CLI on your machine

You’ll need an active GitHub Copilot subscription (Pro, Pro+, Business, or Enterprise) and Node.js v22 or higher. On Windows, PowerShell 6 or higher.

Install the package

Run:

winget install Github.Copilot

as an administrator that the command prompt

Launch it

copilot

Sign in

At the prompt, type login and follow the browser flow. That’s the whole authentication dance.

The full walkthrough — including winget, Homebrew, and the install script — sits on the official GitHub Copilot CLI installation docs.

That’s it. You’re talking to your terminal.

Step-by-Step: Connecting Work IQ inside Copilot CLI

Here’s where it gets interesting for anyone living in Microsoft 365.

Work IQ is a Microsoft MCP server that pipes your M365 tenant data — emails, meetings, documents, Teams messages, people — straight into Copilot CLI. It’s in public preview, and your tenant admin needs to grant consent the first time.

Open Copilot CLI

copilot

Add the plugin marketplace

copilot-plugins

Install the plugin

plugin install workiq@copilot-plugins

Restart and ask

Quit Copilot CLI, relaunch it, then try something like:

What did my client say last week about the Intune rollout?

Notice what’s missing? You never opened Outlook. You never opened Teams. You never alt-tabbed.

The official walkthrough — including admin consent and the EULA acceptance you’ll deal with once — sits on Microsoft Learn’s Work IQ overview. The broader plugin and MCP picture for the CLI is on the GitHub Copilot CLI docs.

Why this actually changes how you work

Most of my day, like yours, is spent jumping between windows. Email. Teams. SharePoint. A browser with seven tabs of Microsoft Learn open.

“But I already have Copilot in Microsoft 365 — why bother with the CLI?”

Because the CLI is where you do the work. Drafting an email is fine inside Outlook. But when you’re scripting tenant changes, comparing config exports, or poking at a stubborn migration log, you don’t want to leave the terminal to ask a question about the client. With Work IQ, you don’t.

That’s not a productivity tweak. That’s collapsing two tools into one place.

Here’s the real win for MSPs. Your engineers can ask once — “summarise the last five tickets from this client and show me the related Teams chat” — without context-switching, without copy-paste, without losing their thread. Same hour billed, more thinking inside it.

If you’re not showing your clients what their own terminal can already do for them, you’re leaving value on the table.

Copilot CLI doesn’t get tired. Use that.

GitHub Copilot CLI plus Work IQ isn’t there to make you faster at the terminal. It’s there to make the terminal stop being an island.

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202605.pdf

and the video recording is also up on Youtube here:

Video URL –

https://www.youtube.com/watch?v=8219So9Vldw

Watch out for next month’s webinar.

Walk into most SMB tenants and check who holds Global Administrator. You’ll find at least one. Often three. Sometimes more. All permanent. All active. All the time.

That’s standing privilege. And it’s the biggest gift you can hand a token thief.

Most MSPs I talk to know about Privileged Identity Management. They’ve seen it in the Entra admin centre. They just don’t switch it on for clients, because they assume it’s an enterprise thing — too expensive, too complicated, too overkill for a 25-seat business.

Wrong on all three.

What is PIM, really?

PIM is just-in-time admin access. You stop being a Global Administrator all day every day, and start being eligible for it. When you need the role, you put yourself in for a fixed window, with a justification and a record. A few hours later it drops off. You’re back to a normal user.

That’s not least privilege as a slogan. That’s least privilege as a clock.

You can layer MFA on activation, approval workflows where one admin signs off on another’s elevation, and access reviews that quietly remind you each quarter that someone’s eligibility hasn’t been used in 90 days. All portal-driven. No scripts. Microsoft’s overview of PIM is worth a read, but the licensing point is the one that trips everyone up.

PIM needs Entra ID P2 or Entra ID Governance. That’s not in Business Premium. But — and this is the part MSPs miss — you only need to licence the admins, not every seat. Three admin accounts is your premium. Compare that to one incident.

Step-by-step: switching on PIM for Global Administrator

Run through this in the Entra admin centre. Sign in as a Global Administrator and licence the admin accounts you want under PIM first.

Park a break-glass account

Before touching a role, create a dedicated break-glass admin. Permanent active Global Administrator. Long random password in your password manager. Excluded from every Conditional Access policy. Document it somewhere you can find at 2am.

This is the one account PIM doesn’t touch. Skip this step and you’ll lock yourself out the first time MFA goes sideways.

Open ID Governance

ID Governance → Privileged Identity Management → Microsoft Entra roles → Roles.

Configure role settings for Global Administrator

Select Global Administrator → Role settings → Edit. Microsoft documents every option here; the ones that earn their keep look like this:

Activation maximum duration:   4 hours
Require MFA on activation:     Yes
Require justification:         Yes
Require approval to activate:  Yes (2 approvers, not self)
Permanent eligible assignment: Disallowed
Notification on activation:    All Global Admins

Notice what’s missing? PowerShell. None of this needs it.

Move existing GAs from active to eligible

Assignments → find each Global Administrator → use the assign roles flow to make them eligible instead. Same permissions — only when they ask for them.

Schedule an access review

Under Access reviews, set up a quarterly review of all eligible Global Administrators. Configure it to auto-remove on no response. The clients who think this is overkill are the clients who’ll have an ex-staffer with admin rights twelve months from now.

Why this actually changes behaviour

PIM isn’t a tool. It’s a posture. The second a Global Admin has to type a reason and wait for approval, two things happen — they stop using GA for the trivial stuff, and someone else sees every elevation.

“But our admins will hate this.”

They’ll hate it for a week. Then they’ll forget it’s there, because activation is two clicks. And the first time you can prove with an audit log that no privileged account was active during an incident, you’ll wonder how you ran tenants any other way.

A standing Global Admin is a key under the doormat. PIM is the locksmith.

If you’re not setting this up for your clients, you’re leaving the front door open and calling it security.

I had a quiet moment last week that made me stop and think. I was watching a younger colleague get something done in about thirty seconds — no mouse, no menus, no four browser tabs open. Just typed a sentence into a terminal, hit enter, and the work was done. It looked exactly like the way I used to work in the late nineties, except the thing on the other side of the prompt was now an AI.

That’s the part I keep turning over. For more than two decades we have been told the future is graphical. Click, drag, drop, swipe. Every product wanted to be more visual, more “intuitive”, more pointy and clicky than the last one. And now, very quietly, the command line is walking back into the room — with a tool like GitHub Copilot CLI under its arm.

Typing is faster than clicking, again

The reason this shift is happening isn’t nostalgia. It’s pace. When you can describe what you want in plain English and have a tool translate that into the right command, the whole “where is that menu again” tax disappears. I’ve watched people who genuinely could not tell you what grep does happily ask Copilot CLI to find every file on their machine that mentions a particular client, and get a clean answer in seconds.

That same pattern is now showing up everywhere I look in Microsoft 365. Copilot in Outlook is, in effect, a command line for your inbox. You type “find the email from the supplier about pricing last month and draft a reply” and you’re done. No folder hunting, no scrolling. Copilot in Excel does the same thing for data — you describe the pivot you want, the chart you want, the trend you want highlighted, and it happens. The mouse becomes optional.

The interface is becoming language

What I think we’re really watching is not a return to green text on black screens. It’s the recognition that human language is itself a pretty good interface. For years we tried to dumb computers down for people. Now we’re meeting in the middle. People type or speak what they want. The machine figures out the click path.

Look at Microsoft Teams. The new way to drive it isn’t to click through tabs and channels — it’s to ask Copilot what was decided in yesterday’s project meeting, who owes who an action item, and what changed in the shared OneNote since Friday. The chat box has quietly become the most powerful button in the application.

What it means for how we work

For business leaders this matters more than it might first appear. The people who get good at “talking” to their tools — whether that’s Copilot CLI on a developer’s laptop, Copilot in Word turning rough notes into a board paper, or Copilot in SharePoint pulling the right policy out of a thousand documents — are going to be visibly faster than the people still hunting through ribbons and right-click menus.

I’m telling clients to start treating prompt-writing as a normal workplace skill, the same way we once treated email etiquette. It is the new shortcut key.

What I’m watching next

The interesting question is whether this collapses the distinction between “technical” and “non-technical” users altogether. If everyone’s interface is a sentence, the playing field flattens fast. The command line never really left. It just learned to listen.

Most MSPs I talk to are still triaging Defender alerts one console at a time. Open Defender for Endpoint, jump to Defender for Office 365, check Entra sign-in logs, back to the device timeline. Five tabs, five clocks, no story.

That’s not response. That’s archaeology.

Defender XDR fixed this. The unified incident queue sits in the Microsoft Defender portal and stitches signals from Endpoint, Office 365, Identity, Cloud Apps and Entra into a single container called an incident. One incident, one timeline, one place to act.

If you’re still working from individual alert lists, you’re doing the correlation work the platform already did for you.

What is the unified incident queue, really?

An alert is one signal — a flagged email, a process anomaly, a risky sign-in. An incident is what Defender builds when it stitches several of those alerts into one attack story across products. Same user, same device, same attacker IP, same hour, one incident.

You stop looking at noise and start looking at attacks. Microsoft frames it exactly that way in Incidents and alerts in the Microsoft Defender portal.

Notice what’s missing? Sentinel. You don’t need it to get value from this queue.

Step-by-Step: Working an incident properly

Open the queue

In security.microsoft.com, expand Investigation & response > Incidents & alerts > Incidents. That’s your home page now. Pin it.

Triage the top of the list

Sort by Severity. For each new incident, assign an owner, set status to In progress, and add a tag like ransomware-suspect or bec-suspect so the rest of your team can filter on it. Microsoft walks through this on Manage incidents in Microsoft Defender.

Open the attack story

Inside the incident, click Attack story. You get a graph — users, devices, files, mailboxes — with events in order. This is where the correlation pays off. You’re not joining tabs in your head anymore.

Hunt for the rest of it

If the incident feels like one footprint of a bigger campaign, open Hunting > Advanced hunting and run a KQL query against the relevant table. Bookmark the Advanced hunting overview(opens in new window) — it lists every table the queue can see across all the Defender workloads.

A starter:

DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine has_any ("Invoke-WebRequest","DownloadString","certutil")
| project Timestamp, DeviceName, AccountName, ProcessCommandLine

Notice what’s missing? PowerShell. You’re not running this from a remote shell. It runs in the portal, against the same data the incident was built from. That’s the point.

Save the good queries as detections

Any hunting query you’d happily wake up to at 3am can become a custom detection rule. From Advanced hunting, hit Create detection rule. Defender runs your query on a schedule and the matches feed straight back into the incident queue. The flow is documented in the Custom detections overview.

That’s the loop. Hunt once, detect forever.

Why this actually changes behaviour

“Where do I start?” becomes “What story is Defender telling me?”

When the queue is your home page, your team stops chasing alerts and starts closing incidents. The numbers you report to clients become incidents closed, median time to triage, active attack stories — not raw alert counts nobody can interpret.

The custom detection layer is where MSPs separate themselves. The product gives you the correlations Microsoft thought of. The rules you write are the correlations your clients need. Stack a few by vertical — finance, legal, construction — and you have a productised security service the next MSP down the road doesn’t.

The unified queue isn’t there to give you fewer alerts. It’s there to make alerts something you can actually work.

I’ve watched plenty of MSP owners import a new strategy — a pricing model, a sales motion, an AI practice — and then sit back waiting for results that never quite arrive. The framework is fine. The consultant was competent. The slide deck is tidy. Nothing lands. After the third or fourth time you see this pattern, you start to suspect the strategy was never the problem. The person running it was running the same way they always had, with the same instincts, the same blind spots, the same calendar. And the strategy, for all its elegance, quietly gathers dust.

Strategies borrow their ceiling from the founder

Here’s the uncomfortable bit. Every strategy in your business is quietly capped by whoever owns it at the top. A sales playbook built for disciplined follow-up doesn’t survive contact with a founder who hates picking up the phone. A managed services model built around proactive account reviews doesn’t work for an owner who still treats quarterly business reviews as optional. A cyber practice built on hard conversations about risk doesn’t get off the ground when the founder is uncomfortable delivering bad news to clients. The strategy isn’t weak. It’s just being run through the wrong instrument. You can buy a better playbook, hire a better consultant, pay for a better PSA, and you’ll still end up with results shaped by your own habits. That’s not a criticism. It’s just mechanics. The business is a reflection of the person at the top, and the ceiling on your strategies is almost always the ceiling on you.

The tool is a mirror, not a transformation

This is where I see Copilot quietly doing more than most owners realise. Not as a productivity gadget — as a mirror. When I open Copilot in Outlook and ask it to summarise the week’s inbox, I’m confronted with what I’ve actually been spending my time on, not what I thought I was spending my time on. When I ask Copilot in Teams to pull the decisions out of a client meeting, I notice which decisions I keep ducking. When I use Copilot Chat to pressure-test a proposal before I send it, I catch lazy thinking I would have signed off on a year ago. None of that changes my strategy. It changes me. That’s the part that makes the strategy finally move. The upgrade isn’t in the tool. It’s in the habit of using the tool to confront how I actually work, then doing something about what I find. That is a very different thing to rolling Copilot out across the tenant and calling it a transformation.

The hardest part is seeing yourself

Most founders I talk to are genuinely willing to change their business. Far fewer are willing to change themselves. We’ll restructure the team, rewrite the service catalogue, and re-platform the ticketing system before we’ll look honestly at our own calendar, our own decision-making, or our own tolerance for avoidance. The interesting thing is that the same Microsoft 365 tools we’re selling to clients — Copilot, Loop, Planner, SharePoint — are the ones that expose our own patterns if we let them. A Loop page tracking your weekly commitments will tell you the truth about your follow-through in about a fortnight. That’s a confronting experience, and it’s where the real upgrade starts.

Before you import your next strategy, ask a harder question. What would I have to become for this to actually work in my business? If the honest answer is “someone I’m not yet”, the strategy isn’t the first thing that needs upgrading. You are. Everything else in the business eventually rises or falls to that line. That’s not an easy sentence to sit with. It’s also the one I keep coming back to whenever I watch a good strategy fail to stick.

When people hear “Copilot Studio agent,” they picture a chatbot. That’s the wrong mental model. A modern agent is a reasoning layer sitting on top of three very different pipes: your business data in Dataverse, your organisational content in Microsoft Graph, and the wider universe of SaaS via Power Platform connectors.

Each pipe has its own auth story. And that’s where almost every SMB and MSP rollout I see comes unstuck.

That’s not a configuration problem. That’s an identity problem dressed up as a configuration problem.

Step-by-Step: wiring an agent to the three pipes

Set the agent’s authentication first

Before you add a single tool, go to Settings → Security → Authentication in your agent. Pick Authenticate with Microsoft. This uses Microsoft Entra ID to identify whoever is chatting — and it’s the prerequisite for almost everything that follows.

Skip this step and your agent runs as nobody. Which means it can’t read Dataverse on the user’s behalf, can’t honour SharePoint permissions, and can’t call a connector as the signed-in user. Get the front door right and the rest gets easier.

Add a Dataverse table as knowledge

Open Knowledge → Add knowledge → Dataverse. You can wire up to 15 tables per agent. Two things that catch people out:

• Dataverse search must be enabled on the environment first.
  

• Add synonyms and glossary terms for any column where your users speak a different dialect to the schema.

“Why doesn’t it find my open opportunities?”

Because your column is called statuscode and your users say “stage.” Synonyms fix that.

Add a Microsoft 365 Graph connector for content

Graph connectors are the other knowledge model — they index external content (Jira, ServiceNow, file shares, intranets) into the same semantic graph that Copilot already uses for Teams, SharePoint, and mail. Set them up in the Microsoft 365 admin center → Search & intelligence → Connectors. ACL-based permission trimming is preserved, so users only see what they’re allowed to see. Microsoft has a clear overview here.

Notice what’s missing? Dataverse is agent-scoped knowledge. Graph connectors are tenant-scoped knowledge. Different governance owners. Plan accordingly.

Add a connector as a tool

In your agent, Tools → Add a tool → Connector. Pick a standard, premium, or custom Power Platform connector. Now the agent can act — create a row, post to Teams, hit your line-of-business API.

Tool = action. Knowledge = retrieval. Don't confuse the two.

Pick the right credentials mode

Every tool asks one question that quietly decides your security posture: Maker Credentials or End User Credentials?

• Maker Credentials: the connection runs as you, the builder. Easy demos. Terrible for anything user-specific.
  

• End User Credentials: each chatter authenticates with their own account. Slightly more clicks for users. The only sensible default for production. Details here.

My recommendation? Default to End User and only fall back to Maker when there’s a genuine service-account scenario — like reading a shared mailbox.

Why this actually changes behaviour

Here’s the real win. Once authentication is correctly threaded through the agent, the same prompt produces different, personally-relevant answers for every user — because it’s their identity flowing into Dataverse, their Graph results coming back, their connector permissions being honoured.

That’s not a chatbot. That’s a tenant-aware assistant.

The other thing I notice with clients: governance conversations get easier. “Who can see what?” becomes a question of existing Entra groups and Dataverse row security — not a brand-new permissions matrix you have to invent for the agent.

Get the auth pattern right once and every agent you build afterwards inherits it. Get it wrong and you’ll be unpicking the same mess for months.

Wire the pipes. Mind the credentials. Ship something your clients actually trust.

There’s a line I keep repeating. If you’re not reaching for AI every working hour of every day, you’re leaving a silly amount of productivity on the floor. That’s not a pep talk. That’s the baseline now.

But the bit I don’t say loudly enough — the part that actually matters — is this: work is the shallow end. The real compounding doesn’t happen in your quarterly numbers. It happens in the life you build around them.

The job isn’t using it at work

Most people I talk to are still framing AI as a work tool. A faster way to write an email. A quicker way to build a deck in PowerPoint. A cleaner summary of yesterday’s Teams meeting. All useful. All, honestly, the least interesting thing it can do for you.

The long game is personal. You have been handed, for the price of a monthly subscription, a patient thinking partner who will sit with you on any problem, any time of day or night — no ego, no judgement, no billable hour. Whether that’s a Saturday morning over coffee or the drive home after a rough day. Most of my team haven’t really used it that way yet. Honestly, neither had I, until recently.

Every friction point is now a prompt

Think about the things you’ve been avoiding for weeks. They tend to share a shape. A hard conversation with a business partner. A decision about whether to move the family interstate. A contract for a property that you don’t fully understand and don’t want to ask your agent about in front of the vendor.

Every one of those is now a prompt.

Last month I dropped a forty-page purchase agreement into Copilot and asked it to surface everything that wasn’t in my favour. It took about ninety seconds. I walked into the next conversation with three questions I would never have thought to ask, and one clause I’d been about to sign away without a second look. The deal shifted. That moment — that shift — is what I’m talking about.

The conversation you’ve been dreading? Open Copilot in Word, write out what you want to say, and have it stress-test the tone, the gaps, the places you’re being unfair or being walked on. Weighing a big life decision? Give it your situation, the options and what you actually care about, and let it play devil’s advocate until you can hear your own thinking more clearly. Piles of messy personal documents sitting in OneDrive? Point Copilot at them and start asking.

Disrupt yourself first

The job of a good CEO is to look eighteen months down the track and protect the business from whatever’s coming. Most of us accept that as obvious for the companies we run.

Almost none of us apply it to our own lives.

Your job, right now, as a human being, is exactly the same. Look eighteen months ahead. Ask what’s going to be true then about how work, relationships, careers and decisions get made. Then disrupt yourself before the world does it for you — because the world absolutely will.

The people who quietly pick this up — who use Copilot not just for their inbox but for the harder, more personal stuff — are going to look up somewhere in 2027 and realise they’re living a noticeably different life. Not because AI saved them a few minutes on email. Because they used it to think better, decide better, and act earlier than the people around them.

Absorb. Assemble. Align. Advance.

Start today.