The core structural shift described in this episode is the integration of AI as an active workflow actor within managed service environments, not simply as an isolated tool. This mechanism alters the governance and accountability requirements for MSPs, as AI now interacts directly with core business platforms and operational data. Companies like Microsoft are embedding AI features—such as Copilot and a legal AI agent—across productivity and security environments, while reports from Axios Future of Cybersecurity and The Register highlight that AI activity is increasingly touching managed identity, email, data, and security infrastructures.
The episode’s primary evidence centers on the adoption of AI-driven productivity and legal tools within Microsoft 365, with broad rollout timelines targeting early June. Microsoft’s deployment of legal AI agents in Word—as outlined by The Register and Thoreau—demonstrates that AI is being implemented to review contracts, draft language, and check citations, embedding itself into sensitive business workflows. Additionally, Proofpoint's formation of an MSP business unit around 365 security further reflects this shift, consolidating risk and workflow management where client data, identity, and security converge.
Supporting developments reinforce this trend of workflow centralization and accountability ambiguity. Vendors are introducing dashboards—such as Anthropic’s Claude code agent view—that offer improved visibility into AI-driven processes; however, as noted, visibility alone does not constitute governance. The emergence of platforms like Halo PSA and features from JumpCloud exemplify the market response, where vendors and MSPs are being forced to tighten control and monitoring around AI-driven work, including automation, ticketing, and remediation workflows. The episode notes that unmanaged automation creates governance risks that operators must close.
The practical implication for MSPs is a set of new operational burdens: rising margin pressure from unpriced AI governance work, contract risk if responsibilities for AI-generated actions remain undefined, and new demands for auditability, evidence retention, and workflow documentation. Providers must build inventories not only of AI tools but also the workflows they touch, define explicit service scope, and establish pricing models for governance functions. The operational tradeoff is an increasing need for infrastructure and process maturity, as the expectation of transparent, accountable AI-driven work is now a baseline for client trust and risk management.
03:50 Scope or Absorb
06:03 Four MSP Pressures
08:35 Why Do We Care?
Supported by:
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
[00:00:02] AI isn't just entering the workplace as a tool, it's entering as a workflow actor. That changes what MSPs are expected to govern, document, price and defend. When automation touches sensitive data and the client asks what happened, the MSP gets the question whether or not the MSP designed the workflow. This is The Business of Tech. I'm Dave Solpe.
[00:00:26] AI is moving out of isolated experiments and into the systems where business work already happens. Productivity platforms, legal workflows, security tools, service dashboards and PSA systems are all becoming places where AI summarizes information, recommends action, prioritizes work or triggers the next step.
[00:00:47] For MSPs, that is the important distinction. This is not shadow AI sitting off to the side. This is AI entering the managed environment. Start with cybersecurity reporting from Axios' Future of Cybersecurity, which shows the same pattern from the risk side. AI is already shaping fraud, exploit development, exposed corporate data and institutional security spending.
[00:01:11] For providers, the signal is not abstract AI risk. It's that AI-driven activity is now touching the same identity, email, data and security environments they are expected to manage. Now look at what happens inside the software people use every day.
[00:01:27] The Register reports Microsoft is making Copilot easier to access across Word, Excel and PowerPoint, consolidating entry points, changing keyboard shortcuts and adding contextual prompts when users select content. Microsoft's own framing is about streamlining, but the observable fact is that AI assistance is being pushed closer to the center of routine productivity work, with broad rollout timing aimed at early June.
[00:01:56] And Microsoft isn't limiting this to generic help. Thoreau reports Microsoft has launched a legal AI agent inside Word in early access via its Frontier program. It isn't chat with a model. It's a purpose-built agent designed to draft edits, check citations, review track changes and compare contracts against internal playbooks, with humans still reviewing what it proposes.
[00:02:21] Proofpoint's new dedicated MSP business unit and Microsoft 365 security platform point to the same center of gravity. Vendors are organizing around Microsoft 365 because that is where client workflows, data, identity and security risk converge. AI is becoming part of the operating layer MSPs already manage. The next question is why that creates a different kind of business risk.
[00:02:49] One of the hardest problems in managed services isn't technology. It's delivering projects predictably and profitably. Every MSP has lived this moment. You estimate a project at 40 hours and it ends up taking 90. Not because your team isn't capable, but because projects have dependencies, shared engineers, shifting priorities and timelines that change constantly. That's where Movala comes in.
[00:03:13] Movala uses automation and AI-driven scheduling to build accurate project timelines and continuously adjust them as conditions change. That means you know with certainty when a project will actually finish, when engineers will become available and when you can safely take on new work. For MSPs trying to run a more mature, predictable operation, that kind of visibility is a big deal. If you want to deliver projects without the constant overruns, visit Movala.com.mspradio.
[00:03:42] That's M-O-O-V-I-L-A dot com slash MSP radio to learn more. The mechanism is simple. Automation removes manual steps and every removed step changes accountability. When a human reads, decides, approves, documents or escalates, there is usually some visible trail of responsibility.
[00:04:07] When AI summarizes, recommends, routes or acts, that responsibility can become harder to see. That is the governance gap MSPs are being pulled into. This is why the idea of an AI bill of materials matters. For MSPs, the value is not the terminology. It is the inventory. Which AI systems are in use? Which data do they touch? Which workflows can they influence? Which outputs are retained? Which actions require approval?
[00:04:36] Without those answers, the MSP cannot prove what happened, cannot define responsibility, and cannot price the work accurately. The new stack covers Anthropix's Cloud Code Agent View, a dashboard that corrals multiple AI coding sessions into one place. The same issue appears whenever vendors add dashboards or control layers around AI. Visibility is useful, but visibility is not governance.
[00:05:03] MSPs need audit trails, policy enforcement, retention rules, and proof that an automated workflow behaved within approved boundaries. And so the market keeps pulling work inward, into platforms that can impose order. This is why vendor activity keeps pulling work into those platforms. Security events become tickets, assessments become reports, remediation becomes standard workflow. The market is trying to turn scattered signals into managed process
[00:05:31] because unmanaged automation is too difficult to govern. So that's the mechanism. AI creates value by accelerating workflow, but it also creates risk by obscuring authority. The MSP opportunity is to make that authority visible. The risk is being held accountable for it without having scoped, documented, or priced it. If you're listening to this and you haven't hit follow yet on Apple Podcasts, search the business of tech.
[00:05:58] It takes five seconds and you'll get the next episode automatically. The consequence is that MSPs become the accountability layer for workflows they may not have designed. Clients do not usually separate the SaaS vendor, the AI feature, the security platform, and the managed service provider when something goes wrong. They ask the provider they trust to explain the outcome. The exposure is already visible.
[00:06:23] Surveys show MSPs are seeing breach pressure while also identifying AI as a growing threat. At the same time, vendors are beginning to package secure AI adoption as a deliverable with programs built around rules, training, assessments, boundaries, and proof. For operators, that creates four pressures. First, margin pressure because AI governance becomes unpaid work if it's not packaged and priced.
[00:06:49] Second, contract pressure because many agreements do not define responsibility for AI-generated summaries, recommendations, decisions, or workflow actions. Third, evidence pressure because clients will expect logs, approval paths, retention rules, and documented scope after an incident. Fourth, positioning pressure because clients will begin to distinguish between providers who support tools and providers who govern automated work.
[00:07:20] This episode is supported by Halo. Automation is becoming a defining characteristic of modern managed services. But automation only works if the core platform supports it. Halo PSA gives service providers the flexibility to build powerful workflows, integrate automation tools, and design service processes around how their business actually runs. For MSPs building a more automation-driven operation,
[00:07:46] Halo PSA is one of the platforms increasingly showing up in those conversations. Learn more at usehalo.com. Today's episode is supported by JumpCloud for MSPs. Imagine delivering intelligent, secure IT for every client from one unified platform. JumpCloud eliminates tool sprawl by bringing identity, device, and access management under one roof.
[00:08:12] Easily manage multiple clients via a multi-tenant portal, intelligently automate onboarding, and push patches across Mac, Windows, and Linux, all from a single pane of glass. The result? Tighter proactive security, fewer mistakes, and faster service delivery. To explore JumpCloud for MSPs, visit jumpcloud.com slash MSP radio. Why do we care?
[00:08:38] Because this changes the client conversations MSPs need to have in the next 30 days. The question isn't, are you using AI? Most clients already are, either formally or informally. The better question is, where is AI already touching company data, client work, security decisions, or operational workflows? That conversation matters because clients may assume their MSP is already covering the risk.
[00:09:04] They may assume Microsoft 365, security platforms, PSA integrations, and AI-enabled tools are all part of the same managed environment. But unless the MSP has defined scope, logging, approval paths, retention, and responsibility, that assumption creates a gap. The MSP should not wait for an incident to discover that the client expected AI governance to be included. Start with the question. Which AI-enabled tools are being used in your business today?
[00:09:34] Which of them can access company data or influence a workflow? And who do you expect to explain the outcome if something goes wrong? Now, what to consider? First, build an AI workflow inventory, not just an AI tool inventory. Identify where AI touches client data, where it summarizes or recommends actions, where it can trigger workflows, where outputs are stored, and who can approve or override them.
[00:10:02] Second, define service scope before clients assume coverage. Decide whether AI governance is included in the managed service agreement, excluded from it, or sold as a separate service. Be specific about monitoring, logging, policy review, approval paths, incident investigation, and third-party AI outputs. Third, price the governance work.
[00:10:25] If the MSP is expected to review AI use, validate controls, preserve evidence, investigate incidents, or advise on workflow risk, that work needs a commercial model. Otherwise, AI governance becomes another form of invisible labor. If this trend continues, MSP contracts will separate AI workflow governance from general managed services within two years,
[00:10:48] because clients will expect providers to prove which agents, co-pilots, connectors, identities, and retention stores touched sensitive work after an incident. This is the Business of Tech. Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis.
[00:11:15] Sign up at businessof.tech slash plus. And follow this show in your podcast app, and if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word too. Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening.
[00:11:44] I'll see you on the next episode.