RunAs Radio

How do you manage for failure? While at KCDC, Richard chatted with Amy Norris about building a culture that supports dealing with failure in a healthy way. Amy focuses on clear communication - about expectations, positive feedback, negative feedback, and more! The challenge is creating a safe place for people to ask questions and talk clearly about what they see happening in the environment. We can only get better when we can see the problems folks are having - it takes time, patience, and lots of communication to make that happen! LinksAtlas 9Recorded August 14, 2025

How do you know if one of your accounts has been part of a security breach? Richard chats with Troy Hunt about HaveIBeenPwned, a free service that allows individuals to receive notifications when their accounts appear in a security breach. Troy discusses other services available alongside HaveIBeenPwned for sysadmins, including password checking, identifying accounts associated with a specific domain, and more. When considering the cost of managing a customer with an exploited account, being able to prevent or mitigate potential risk is highly valuable. LinksHaveIBeenPwnedPark Mobile SettlementSnowflake Data BreachRecorded September 25, 2025

You're down - is it your servers, or someone else's? While at the Kansas City Developers Conference, Richard sits down with Mandi Walls from Pager Duty about her experiences dealing with incidents involving vendor services. It might be your cloud provider, or some other SaaS element of a pipeline, or even an open-source library dependency in an important internal application that can cause a problem. What are the next steps? Mandi talks about having a software and services bill of materials so that you know what dependencies you have, where to check their status, and how to get help when you need it. Our systems are more complicated than ever - you need a plan to deal with the incidents!LinksAzure StatusSBOM ToolVendor Incidents with Jeff MartinsRecorded August 14, 2025

The days of the one-year SSL certificate are coming to an end - are you ready? Richard chats with Todd Gardner about the upcoming requirement from the Certification Authority Browser Forum to limit SSL certs to 200 days starting March 2026 - and they keep getting shorter until by 2029, certificates will last no longer than 47 days! If you haven't already automated certificate renewal, it's time to start moving in that direction. Todd talks about CertKit as a new approach to automating certificate renewal across various services, making it much easier. Still in the experimental phase, you can be part of the process and make your certificate life easier now!LinksLet's EncryptACME Client ImplementationsThe Great SSL Certificate PanicCertification Authority Browser ForumZeroSSLtrackjsCertKitRecorded August 19, 2025

How do you get your organization trained up to use AI tools? Richard talks to Stephanie Donahue about her work implementing AI tools at Avanade and with Avanade's customers. Stephanie discusses how many workers are bringing their own AI tools, such as ChatGPT, to work and the risks that represent to the organization. Having an approved set of tools helps people work in the right direction, but they will still need some education. The challenge lies in the rapidly shifting landscape and the lack of certifications. However, you'll have some individuals eager to utilize these tools, often on the younger side, and they can help build your practice. The opportunities are tremendous!LinksChatGPT EnterpriseLearning M365 CopilotSecure and Govern Microsoft 365 CopilotMicrosoft PurviewResponsible AI at MicrosoftMicrosoft Viva EngageRecorded July 18, 2025

Episode 1000! Richard Campbell invites Paul Thurrott to join him to celebrate the milestone episode and answer questions from listeners. From the creation of the podcast to the role of Windows in the modern world, the impact of ARM, Cloud, and many other technologies - all addressed in this super-sized episode. And yes, artificial intelligence is part of the conversation—and will be part of the workflows that sysadmins utilize on a day-to-day basis. Thanks to all the folks who sent in questions for this special show - and thanks for listening!LinksDoes Windows Still MatterWindows Server 2025ARM in AzureAzure FastTrackCloud Adoption Framework for AzureMicrosoft VivaRecorded August 31, 2025

What are common mistakes folks are making with their Azure tenant(s)? While at the Kansas City Developers Conference, Richard chatted with Scott Sauber to run down his top ten list of issues he checks on for all his customers using Azure. From tenant ownership to naming conventions, policies, identities, and cost controls - there are a lot of things you can do to make your Azure experience more reliable, cost-effective, and efficient. Check out the links for more details on each of the potential issues!LinksAzure Service GroupsAzure Naming ConventionsAzure Naming ToolAzure Tagging StrategyAzure PolicyManaged IdentitiesDefaultAzureCredentialTLS in Azure App ServiceSSL LabsFederated Identity CredentialsBudgets and Cost AlertsAzure ReservationsAzure Savings PlanRecorded August 14, 2025

How do you secure your organization's data to let AI technologies work safely? Richard chats with Martina Grom about her experiences helping sysadmins responsibly bring the power of Microsoft M365 Copilot into their organizations. Martina discusses setting up security and monitoring with tools like Microsoft Purview, enabling visibility into where copilots are working and who is using them. Once the measuring tools are in place, you can begin to establish limitations for the AI without compromising regular employee workflows. Check the show links for a list of great tools you can use to get M365 Copilot working for your organization safely!LinksGovernance Toolkit 365EU AI ActData, Privacy, and Security for Microsoft 365 CopilotTranslating with CopilotConfiguring SharePoint with Entra IDMicrosoft PurviewData Loss PreventionMicrosoft Purview Compliance ManagerData Security Posture Management for AISharePoint Advanced ManagementCopilot in Microsoft 365 Admin CentersRecorded July 16, 2025

Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some Entra ID skills with Graph and you're ready to take on the rest - and there's a lot! Tony is also responsible for the excellent Office 365 for IT Pros book, now in its 12th edition for 2026. These are the fundamentals that can help you embrace the Copilot future we're all facing - and there's a lot to learn!LinksGraph PowerShell SDKAzure AutomationOffice 365 for IT Pros 2026 EditionMaesterAgent Governance in M365Secure Future InitiativeLinkable Identifiers in Microsoft EntraRecorded July 24, 2025

What can the financial services sector teach us about adopting Copilot in our organizations? Richard chats with Christina Wheeler about her work at Microsoft, where she helps companies leverage large language model technologies. Christina discusses data security, which is crucial in the financial services industry due to its numerous regulations. The data security mindset of using tools like Purview and Data Loss Prevention helps to carve out data sets that can be used with Copilot. The conversation also turns to the Power Platform arena and Dataverse, tools that make it easy to embrace Copilot. There's a progression of security and capability, from internal apps to assisting staff with online work, to ultimately providing a means for customers to interact with a Copilot. There's a lot to learn, but the tools are there to make it possible!LinksMicrosoft PurviewPower Platform Data Loss PreventionPower Virtual AgentsMicrosoft DataverseCopilot StudioAzure AI FoundryRecorded July 7, 2025

How do you get from ClickOps to DevOps? While at Build, Richard chatted with Steven Bucher about using Copilot in Azure to help build PowerShell scripts with Azure CLI to get you moving down the path of repeatable deployment. Steven talks about interacting with Copilot in Azure through the Portal, Azure CLI, and PowerShell. Using tools like GitHub Copilot in Visual Studio Code can help you start making Infrastructure as Code in Bicep or Terraform to move you along the path of automating reliable deployments!LinksCopilot in AzureAzure CLITerraformAI ShellPowerShell 7.5BicepGitHub Copilot on VS CodeRecorded May 19, 2025

How do you bring AI agents to your organization? Richard chats with April Dunnam about her experiences with Copilot Studio, Microsoft's tool for building various agents for your organization. April discusses the multiple approaches available today for utilizing generative AI and the benefits of leveraging template-driven and low-code solutions to capitalize on the latest features in agentic AI. The conversation also delves into the relationship between M365 Copilot and Copilot Studio for creating extensions and focused functionality. There's a significant amount of power here if you take the time to learn the tools!LinksMicrosoft Copilot StudioBuild your First Copilot Studio Agent in MinutesPlayright MCPTesting Copilot Studio AgentsAgent FlowsDataverse MCPApril's Copilot EstimatorRecorded July 8, 2025

What's happening with Fabric in 2025? While at Build, Richard chatted with Arun Ulag about the fantastic progress Fabric has made in the past year. Arun discusses expanding the product line beyond analytics to include real-time intelligence and hosting primary data workloads. The goal is to make it incredibly easy to get your organization's "data estate in order"... not just for security and analytics, but also for your upcoming AI-related workloads. Arun also discusses the power of conversational interfaces to access data, helping leaders get answers quickly and allowing analysts in your organization to build resources that can answer those questions quickly.LinksMicrosoft FabricRecorded May 20, 2025

How does a PowerApp become a fully-fledged software application? Richard chats with Luise Freese about her experience of taking a PowerApp built by an individual through the "onboarding process" of becoming a complete software application, including requirements, tests, deployment pipeline, security, user training, and more. It's easy to create a prototype of an application with PowerApps, but once you move beyond the basics, there's a significant amount of work that's essential to the long-term health of the app. Luise discusses how often PowerApps utilizes "free" data sources, such as SharePoint lists, rather than the underlying datasets that require a license. This hinders performance and reliability; it's better to work with the right APIs and data sources. It's also an accomplishment, as what started as an individual's automation is now a part of the suite of applications that a company depends on!LinksPower Apps and Power AutomateLuise's Blog PostMicrosoft Power Platform Center of Excellence Starter KitEntra ID for Power AppsRecorded June 27, 2025

How has Azure been innovating lately? While at Build Richard chatted with Azure CTO Mark Russinovich about some of the latest innovations in Azure, including some of the new hardware available. Mark talks about working with hardware manufacturers to build servers optimized to the workloads the largest Azure customers need. The conversation also explores the new innovations in AI and how Azure is being optimized to serve those workloads - and be shaped by them! Mark also talks about how material science is evolving with generative AI technologies leading to a discussion about the coming role of quantum computing - and how that will live in the cloud as well!LinksScott and Mark Learn to...Azure F-Family VMsHollow Core FiberMajorana 1 Quantum ProcessorRecorded May 20, 2025

How do you get more from GitHub in your work routine? Richard chats with April Yoho about how sysadmins can take advantage of more GitHub features to make better quality scripts and more! April discusses the capabilities of GitHub Copilot to assist administrators in comprehending the intricacies of source management, including branching and merging. The conversation also delves into extracting more from Copilot itself, including custom instructions and the new agentic mode. Now you can use Copilot to describe a new script and turn it into a series of GitHub issues - and those issues can be assigned to an agentic AI to get the code written!LinksSPACE FrameworkCustom Instructions for GitHub CopilotResolving Merge ConflictsAgent Mode in VS CodeRecorded May 20, 2025

Here comes SQL Server 2025! While at Build, Richard chatted with Bob Ward about releasing a preview version of SQL Server 2025. Bob discusses SQL Server 2025 as an AI-ready enterprise database with numerous capabilities specifically tailored to your organization's AI needs, including a new vector data type. This includes making REST API calls to Azure OpenAI, Ollama, or OpenAI. This is also the version of SQL Server designed to integrate with Microsoft Fabric through mirroring. There are many more features, even a new icon!LinksSQL Server 2025 AnnouncementJSON Data TypeOllamaRecorded May 20, 2025

How can modern telemetry solutions help you? While at NDC in Melbourne, Richard chatted with Liz Fong-Jones of Honeycomb about her approach to educating leadership on creating great telemetry solutions for organizations. Liz discusses the importance of being able to answer questions about reliability issues without causing problems, as opposed to relying on a dashboard for every measurement taken of the system. The conversation also delves into the culture of building reliability, where people are encouraged to fail and learn, rather than being punished when things go wrong.LinksHoneycombRecorded April 30, 2025

Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!LinksKB5014754Microsoft Security Response CenterCreate and Assign SCEP Certificate Profiles in IntuneRecorded April 10, 2025

How do you talk to security? While at NDC Melbourne, Richard chatted with Sarah Young about her approaches to helping folks work with the security team. Often seen as an impediment to business, Sarah talks about what motivates security teams, how to use language to help them understand that you are taking security seriously, and how to get more things done! Ultimately, the DevOps mantra of providing value to the customer still works - working with people to improve the processes that lead to secure systems helps everyone!LinksDaniel Pink's DriveManaged Identities for AzureTenerife Airport DisasterRecorded April 30, 2025