Back in early December, I managed to take down O365 email and Teams messaging for my entire organization for 3 days. Anyone who sent an email or Teams message with an attachment would immediately have it quarantined without recourse as "High confidence phish." I didn't realize it was me until a bunch of people from the Microsoft 365 security team sent me LinkedIn requests - and one of them let me know.
So what happened?
I was going down the machine learning rabbit hole while building out a new program for Data Analysis and AI that maps to all of the content on the DataX certification. As a software developer, that meant I was playing with Tensorflow, Keras, Scikit-learn, and so on - and since I have one of those Snapdragon Copilot+ PCs, I was playing with ONNX + QNN for the purposes of automating the creation of my 1-on-1 progress report I have to do each month for my boss. It had full access to my O365/Teams/SharePoint/OneDrive, but all models (mostly quantized) were run locally to ensure that no sensitive data was copied elsewhere.
A bit of automation to comb through my previous month's emails, Teams messages, and key files to fill in a form with my vernacular seemed harmless to me, but freaked out Microsoft Sentinel on the O365 side as it wasn't used to that type of searching/activity.
But it ended well - our IT team got a good chaos engineering exercise, I got my 1-on-1 progress report finished, and others in my organization are now more paranoid about AI in general.
I'm looking forward to generating my 1-on-1 report again next week
So what happened?
I was going down the machine learning rabbit hole while building out a new program for Data Analysis and AI that maps to all of the content on the DataX certification. As a software developer, that meant I was playing with Tensorflow, Keras, Scikit-learn, and so on - and since I have one of those Snapdragon Copilot+ PCs, I was playing with ONNX + QNN for the purposes of automating the creation of my 1-on-1 progress report I have to do each month for my boss. It had full access to my O365/Teams/SharePoint/OneDrive, but all models (mostly quantized) were run locally to ensure that no sensitive data was copied elsewhere.
A bit of automation to comb through my previous month's emails, Teams messages, and key files to fill in a form with my vernacular seemed harmless to me, but freaked out Microsoft Sentinel on the O365 side as it wasn't used to that type of searching/activity.
But it ended well - our IT team got a good chaos engineering exercise, I got my 1-on-1 progress report finished, and others in my organization are now more paranoid about AI in general.
I'm looking forward to generating my 1-on-1 report again next week
Last edited:
