‍

For this week’s Techie Tuesdays, we are going deeper. This one is for engineers, architects, and Microsoft 365 admins who operate at scale and need more than surface level tooling.

‍

Let’s talk about Corey, CoreView’s AI-powered administration agent for Microsoft 365, and more importantly how it works from a technical perspective and why it stands apart from the growing number of AI copilots entering the market.

The Breaking Point of Traditional M365 Administration

Managing Microsoft 365 at scale has become increasingly complex.

There are over 60 services spanning identity, collaboration, security, and compliance. Administrators are dealing with more than 18 separate admin portals and tens of thousands of configuration permutations. Add to that constant platform updates and policy drift, and the operational burden quickly becomes unsustainable.

This is not just an efficiency issue. It is a security challenge.

Gaps in visibility, inconsistent policy enforcement, and slow response times all increase risk exposure. Traditional approaches based on portal navigation, scripting, and reactive auditing do not scale in modern environments.

‍

Corey: An AI Admin Agent, Not Just a Copilot

‍

Corey takes a fundamentally different approach to administration.

Rather than layering AI on top of existing tools, Corey acts as an execution layer. It allows administrators to query tenant state using natural language, correlate data across services, and take action from the same interface.

This replaces the need for extensive PowerShell scripting, reduces dependency on multiple portals, and eliminates the need to stitch together reporting manually.

From a technical standpoint, Corey functions more like an abstraction layer over Microsoft Graph, PowerShell, and native admin APIs. It translates intent into structured actions and executes them within defined governance boundaries.

‍

Architecture Deep Dive

Task-Level Least Privilege

One of the most significant architectural differences is how Corey handles permissions.

Traditional role-based access control in Microsoft 365 often leads to overprivileged accounts. Corey instead operates with task-scoped permissions, where access is granted at the action level rather than through broad roles.

This reduces the blast radius of any given operation and aligns more closely with Zero Trust principles.

Virtual Tenant Segmentation

CoreView introduces a virtual tenant model that enables logical segmentation within a single Microsoft 365 tenant.

This allows organisations to define administrative boundaries without needing separate tenants. It is particularly useful for managed service providers, large enterprises with multiple business units, and scenarios requiring strict separation of duties.

The result is more granular control over who can see and do what within the environment.

Guardrailed AI Execution

A key concern with AI-driven administration is uncontrolled change.

Corey addresses this by embedding governance directly into its execution model. Actions are validated against policy, constrained by scope, and fully audited. Organisations can enforce approval workflows and maintain visibility over every action taken.

This ensures that AI enhances operations without introducing additional risk.

Natural Language to Action Pipeline

Corey’s core capability is translating natural language into executable actions.

An administrator can issue a request such as identifying users with elevated privileges or removing licenses from inactive accounts. Corey interprets the request, maps it to the appropriate API or command set, validates it against governance controls, and executes it.

This effectively abstracts the complexity of Microsoft Graph and PowerShell into a single operational layer.

‍

Security and Operational Use Cases

Corey delivers value across several key operational and security domains.

In identity and access management, it enables rapid auditing of roles, enforcement of MFA, and removal of dormant accounts. In security operations, it accelerates investigation and response by surfacing issues in real time and enabling immediate remediation.

From a governance perspective, it simplifies compliance reporting and provides a complete audit trail of administrative actions. In licensing, it helps organisations optimise spend by identifying unused or misaligned licenses and automating allocation.

All of this is achieved without switching between tools or writing custom scripts.

‍

Where Corey Fits in the Stack

Within a modern Microsoft security architecture, Corey operates as a control plane for administration.

It sits above native Microsoft tooling such as Entra, Defender, and Intune, providing a unified layer for visibility and action. It complements governance frameworks and aligns well with Zero Trust and CAF-based approaches.

For organisations working with Cyber Vigilance, this positions Corey as both a force multiplier for existing teams and a way to standardise operations across complex environments.

‍

The Shift to AI-Mediated Operations

What Corey represents is a broader shift in how administration is performed.

The industry is moving away from interface driven and script heavy operations toward AI mediated execution with built in governance.

The critical factor for technical teams is not just the presence of AI, but how it is controlled. Systems must be constrained, auditable, and aligned to least privilege principles.

Corey is designed with these requirements at its core.

‍

Final Thoughts

Corey is not simply an incremental improvement to Microsoft 365 tooling. It represents a change in how administrative work is executed.

For technical teams, the value lies in reducing complexity, improving consistency, and strengthening security controls while increasing operational speed.

As Microsoft 365 continues to evolve into critical infrastructure for organisations, approaches like this will become increasingly important.

‍