Brian J. Hu
@brianjhu.bsky.social
Professor in Toronto researching the collision of AI and human behavior. Bridging behavioral science with the ADKAR change methodologies. Helping orgs navigate rapid digital adoption. brianjhu.com
Check your Azure portal today. If you don’t see the ZDR confirmation, your "private" AI is creating a 30-day paper trail of your most sensitive IP. Fix it.
Follow me for more insights on enterprise AI adoption and governance.
Follow me for more insights on enterprise AI adoption and governance.
January 14, 2026 at 1:37 PM
Check your Azure portal today. If you don’t see the ZDR confirmation, your "private" AI is creating a 30-day paper trail of your most sensitive IP. Fix it.
Follow me for more insights on enterprise AI adoption and governance.
Follow me for more insights on enterprise AI adoption and governance.
Why does this matter? Operational Defensibility. When you activate ZDR, you shift from "We delete data eventually" to "Data persistence is technically disabled."
Auditors prefer certainty. Lawyers demand it.
Auditors prefer certainty. Lawyers demand it.
January 14, 2026 at 1:37 PM
Why does this matter? Operational Defensibility. When you activate ZDR, you shift from "We delete data eventually" to "Data persistence is technically disabled."
Auditors prefer certainty. Lawyers demand it.
Auditors prefer certainty. Lawyers demand it.
You need to apply for and activate Zero Data Retention (ZDR). It’s not a default setting; it’s an exemption.
Once active, the logging pipeline for abuse monitoring is severed. No storage. No human review. No 30-day cache.
Once active, the logging pipeline for abuse monitoring is severed. No storage. No human review. No 30-day cache.
January 14, 2026 at 1:37 PM
You need to apply for and activate Zero Data Retention (ZDR). It’s not a default setting; it’s an exemption.
Once active, the logging pipeline for abuse monitoring is severed. No storage. No human review. No 30-day cache.
Once active, the logging pipeline for abuse monitoring is severed. No storage. No human review. No 30-day cache.
This is the "Black Box" problem. You are relying on a policy (trust) rather than architecture (verification).
For banking, healthcare, or legal apps, "Microsoft promised they only look if it gets flagged" isn't an acceptable defense strategy.
For banking, healthcare, or legal apps, "Microsoft promised they only look if it gets flagged" isn't an acceptable defense strategy.
January 14, 2026 at 1:37 PM
This is the "Black Box" problem. You are relying on a policy (trust) rather than architecture (verification).
For banking, healthcare, or legal apps, "Microsoft promised they only look if it gets flagged" isn't an acceptable defense strategy.
For banking, healthcare, or legal apps, "Microsoft promised they only look if it gets flagged" isn't an acceptable defense strategy.