End of Life Clocks, AI Governance Gaps, and the Sentinel Lake Reveal

In this episode, David kicks off with a reminder that Windows Server 2016 end of support is arriving in January 2027, with extended security updates referenced exclusively via Azure Arc in the official Microsoft documentation. Whether that is intentional positioning or a drafting oversight is an open question, but the team agrees it deserves a closer look. David also covers the upcoming end-of-life dates for SQL Server 2016, Windows Server 2012 extended support, and SQL Server 2014, all landing between mid-2026 and mid-2027. The perennial challenge of legacy systems sitting untouched in corners while everyone's attention is on AI is discussed with the kind of weary familiarity that comes from having had that conversation many times.

Ansible playbooks deployable via Azure Policy enter private preview, extending Azure Policy beyond guardrails and drift detection into active configuration management. David also flags the expanding Windows 365 Cloud PC device range, with Asus, NUC, and Dell Pro joining the lineup, and raises the reasonable question of where the actual demand for dedicated thin clients is coming from in 2026.
Richard takes over for what has been a deliberately held-back topic: IBM's participation in the private preview for Microsoft Sentinel Lake and custom security graphs. The work, which was demonstrated at Ignite, involved ingesting feeds from Tenable, Qualys, and ServiceNow to build a richer asset-context graph on top of the underlying data lake. Richard walks through the practical realities of the implementation, including the requirement to work entirely in VS Code via Jupyter notebooks, the need to learn GQL alongside KQL, and the cost implications of how frequently you rebuild the graph. A custom Node.js interface was built to query the graphs during the preview, before a Graph Explorer surface appeared in the Defender portal. The conclusion is positive but honest: it is powerful and genuinely useful for surfacing connections that would otherwise be invisible, but it requires a skills profile that does not naturally exist in most SOC teams today.

Richard then moves to AI governance, picking up a blog post from the Power Platform team that essentially acknowledges governance cannot keep pace with the speed of AI development. With Agentic 365 heading toward general availability in May, and almost a third of enterprise employees already using unsanctioned AI agents, the gap between what is being built and what is being governed is not a theoretical risk.

Cyrus rounds out the episode with three security updates. The Zero Trust Workshop has been updated to include an AI pillar and expanded data and networking coverage, and is now fully web-based rather than requiring downloaded spreadsheets or PowerPoint decks. For anyone managing Apple devices via Intune, Microsoft is steering customers from the older MDM-based software update model toward Declarative Device Management, which shifts more of the update logic to the device itself and delivers better reliability and reporting. Finally, proactive user containment in Defender XDR reached general availability, blocking compromised identities at the endpoint layer rather than simply disabling accounts in Entra, which meaningfully limits lateral movement without taking the account fully offline.

The episode closes with a practical comparison of Claude Code and GitHub Copilot, drawn from Richard's direct experience of burning through his daily Claude Pro token allowance in about ninety minutes, and a teaser for a more structured vibe coding comparison across all three hosts in a future episode.

Socials
X/Twitter: https://x.com/richardihogan
Bluesky: https://bsky.app/profile/richardihogan.bsky.social
LinkedIn: https://www.linkedin.com/in/richardhogan/
Facebook: https://www.facebook.com/profile.php?id=61575242633345
Threads: https://www.threads.com/@richardhogan323

Music
Null Invocation: Monochrome Pulse
https://is.gd/b1kNU9