[wkat4242]

> IT loves 365 because it's so risk-averse. No big jumps, no surprises,

Umm no, it's the opposite. It's super high-risk right now for us. Microsoft is constantly shifting stuff around leading us to have to constantly change our processes, documentation etc. Often with zero heads-up and often defaults to on. Some incidents:

- They suddenly started a "free promotion" with Sharepoint agents. We don't want to offer that to our users but it just popped in one day and the admin setting defaulted to on so people were already using it before we turned it off. This was a big deal for us.

- Constant rebranding of their product names leading to confusion among users and zero-value documentation and process rewrites for us. Also constantly fiddling with the URLs is sooo annoying.

- Constant changes in features leading to impact to our DPIA. For example copilot chat didn't have history at first. So no data was kept (they also promise they don't store any for training). Suddenly they added that one day, so we had to redo our entire DPIA because it now does suddenly store personal info which it didn't before so a whole lot of overhead comes into scope (data lifecycle, privacy regulations, security, data loss prevention etc). This is exhausting and there is no way to delay these features until we have approved them. Also, it caused our DPIA team to be highly critical after this incident. Because of course: If they did this before, what guarantees that they won't change something worse next month?

- Limited granularity of access controls - a lot is very high-scope on/off style controls. Meaning that if we want to block something we often block unintended features as well.

A lot of these things are definitely 'big jumps' and 'surprises'.

[detaro]

Plenty places seem to treat Microsoft et al as a "force of nature". Employee makes a mistake: terrible. Small vendor breaks something, whoever advocated for them is in hot water. Microsoft fucks something up, same category as if HQ gets leveled by an earthquake: sad, but nobody could've prevented it.

[spwa4]

What about the secondary effects of AI? I mean, now large-scale data gathering on your company simply by recording glasses + having AI transcribe the whole thing is possible. Hell, with modern cell phones you could do it live.

And the first product that lets a cell phone control keyboard and mouse sending camera to ChatGPT, having ChatGPT do all the work is not far off either.

Presumably both of these would violate your ... policies something awful. I should say will violate all your policies, because we both know this is going to happen.

You have no way of preventing both of these from occurring with IT policy.

[wkat4242]

Well to be fair we are already handing all our data to Microsoft on a silver platter since we moved everything to M365. So it's not like they didn't have it all before.