Copilot Cowork is GA, but MSPs should treat it as an operations change, not just another Copilot feature. The work now is permissions, billing controls, agent identity, audit trails, and deciding which client workflows are safe enough for long-running agents.
Deploying Claude Desktop Behind Entra ID: The No-Backend Architecture MSPs Need
Claude Desktop ships with a shared API key in a local config file — no per-user identity, no MFA, no audit trail. For MSPs with regulated clients, that’s a non-starter. Microsoft just published an architecture that routes Claude Desktop through Entra ID and Azure API Management with zero custom backend code. You get per-user identity, Conditional Access, and auditability, and the config can be pushed via Intune. If your clients are asking for sanctioned AI desktop tools alongside their existing M365 stack, this closes a real governance gap.
The Invisible Workforce Is Non-Human — Why MSPs Need NHI Governance Now
Most MSPs can’t answer which service principals are active in a client tenant, let alone which are over-privileged. Microsoft Defender now surfaces NHI inventory and governance—and that is a recurring-service opportunity hiding in plain sight.
Two Endpoint Changes MSPs Should Act On: Defender Linux Scans + Edge Release Cadence
Microsoft Defender for Linux now supports scheduled scans, and Edge Stable shifts to a two-week release cycle on August 27. MSPs need to make two configuration decisions now: close the Linux scan gap and choose the right Edge channel per client.
Microsoft’s GSA Operations Guide Is Out — Here’s What MSPs Need to Review
Microsoft just dropped the GSA Operations Guide on Microsoft Learn — for MSPs who’ve been hesitating on Entra’s secure access features, this is the structured deployment and Day 2 operations playbook that was missing. If your GSA rollouts have been ad-hoc, it’s time to realign.
Copilot Health and Computer-Using Agents: Two AI Frontiers MSPs Need to Govern Now
Microsoft shipped two things this week that sound unrelated but aren’t: Copilot Health Preview brings regulated medical data into the M365 tenant, and Copilot Studio’s computer-using agents can now drive legacy desktop apps without APIs. Together they point to a future where an AI agent detects a lab result and schedules the follow-up by clicking through an EMR—no human, no API. If you’re managing M365 tenants, the governance questions start now. Who can use Copilot Health on managed devices? What’s your credential vaulting policy for agents that act like authenticated users? How do you audit a workflow that has no API call to log?
