Data Governance

How to Run a Shadow AI Audit Without Slowing Down Your Team


The question is no longer whether your team is using AI tools you haven’t sanctioned. They are. Research consistently shows that a significant proportion of employees use AI tools outside official channels, and the number rises in environments where sanctioned alternatives are slow, limited, or simply haven’t been provided.

This isn’t a behaviour problem. It’s a governance gap.

The challenge with shadow AI is that it’s not just standalone tools anymore. AI features embed directly into applications people already use — email clients, CRM systems, productivity suites, browser extensions. There’s often no clear “I’m now using an AI” moment. The user is just working, and a co-pilot or assistant is operating quietly in the background with access to whatever data is in that application.

Why a punitive approach fails

Announcing a “no unauthorised AI” policy and relying on enforcement tends to push shadow AI underground rather than eliminate it. People find workarounds. IT loses visibility. The risk stays — it just becomes less visible.

The more effective approach starts with discovery and understanding, not restriction. What are people actually using? What are they putting into these tools? What legitimate need is each tool addressing?

How to run the audit

Step 1 — Gather signals before you communicate. Before any announcement, review what’s already visible:

  • Check Microsoft Entra ID for third-party OAuth grants. Every application a user has consented to with their work account shows up under Enterprise applications as a delegated permission grant, along with the scopes it holds (mail, files, calendar, profile) and whether a single user or an admin consented. While you are there, review the user consent setting: if users can consent to any app, the list will keep growing. Note the limit of this signal: anything used with a personal account, or by pasting data into a web page, never appears here, so treat Entra as a floor, not the full picture.
  • Review endpoint telemetry from managed devices for browser extensions and application usage.
  • Check SaaS platforms for AI features that may have been quietly enabled (many productivity tools now offer AI add-ons that are on by default).

This gives you a baseline before people start modifying their behaviour in response to being asked.
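As an added example of pulling that Entra ID baseline, not code from the original article, the Microsoft Graph PowerShell script below lists every delegated OAuth grant in the tenant, resolves the app and the person who consented, and flags grants that look like AI tools or that hold broad, standing access to mailbox or file content. The keyword list and the list of "broad" scopes are assumptions to tune for your own tenant; it assumes the Microsoft.Graph module is installed and the account running it holds Directory.Read.All.

```powershell
# Added example, not part of the original article. Assumes the Microsoft Graph
# PowerShell SDK (Install-Module Microsoft.Graph) and Directory.Read.All.
Connect-MgGraph -Scopes "Directory.Read.All" -NoWelcome

# Constructed keyword list for spotting AI tools by display name (assumption: tune per tenant).
$aiKeywords = @('openai', 'gpt', 'chat', 'copilot', 'claude', 'gemini', 'assistant')

# Scopes that give an app broad, persistent access to content (assumption: adjust to taste).
# offline_access matters because it issues a refresh token, i.e. access that outlives the session.
$broadScopes = @('Mail.Read', 'Mail.ReadWrite', 'Files.Read.All', 'Files.ReadWrite.All',
                 'Sites.Read.All', 'Directory.Read.All', 'offline_access')

# Cache service principals so each client/resource is resolved once.
$spCache = @{}
function Get-CachedServicePrincipal([string]$Id) {
    if (-not $spCache.ContainsKey($Id)) {
        $spCache[$Id] = Get-MgServicePrincipal -ServicePrincipalId $Id -ErrorAction SilentlyContinue
    }
    return $spCache[$Id]
}

$rows = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $client   = Get-CachedServicePrincipal $grant.ClientId
    $resource = Get-CachedServicePrincipal $grant.ResourceId
    $name     = $client.DisplayName
    $scopes   = ($grant.Scope -split ' ') | Where-Object { $_ }

    $looksLikeAi = $aiKeywords | Where-Object { $name -and $name.ToLower().Contains($_) }
    $broad       = $scopes     | Where-Object { $broadScopes -contains $_ }

    # ConsentType 'AllPrincipals' = admin consented for everyone; 'Principal' = one user consented.
    $grantedTo = if ($grant.ConsentType -eq 'AllPrincipals') {
        'All users (admin consent)'
    } else {
        (Get-MgUser -UserId $grant.PrincipalId -Property UserPrincipalName -ErrorAction SilentlyContinue).UserPrincipalName
    }

    [pscustomobject]@{
        App         = $name
        Publisher   = if ($client.VerifiedPublisher.DisplayName) { $client.VerifiedPublisher.DisplayName } else { 'UNVERIFIED' }
        Resource    = $resource.DisplayName
        GrantedTo   = $grantedTo
        Scopes      = ($scopes -join ' ')
        LooksLikeAI = [bool]$looksLikeAi
        BroadAccess = [bool]$broad
    }
}

# Keep the complete baseline before anyone is told an audit is under way...
$rows | Export-Csv -NoTypeInformation -Path .\oauth-grants-baseline.csv

# ...and print the subset to look at first: AI-looking, broad access, or unverified publisher.
$rows |
    Where-Object { $_.LooksLikeAI -or $_.BroadAccess -or $_.Publisher -eq 'UNVERIFIED' } |
    Sort-Object BroadAccess, LooksLikeAI -Descending |
    Format-Table App, Publisher, GrantedTo, Scopes -AutoSize
```

Per-user consents produce one grant row per user and app, so a count of rows for the same app is a rough measure of how widely it has spread. Expect first-party tools (Microsoft 365 Copilot, for instance) to match the keywords too; the point is to get them onto the same list as everything else so Step 5 can sort them, not to filter them out.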

Step 2 — Map workflows, not just tools. A tool name tells you what someone is using. A workflow tells you what they’re putting into it and why. For each significant AI touchpoint you discover, understand:

  • What is the input? (Client data, internal documents, public information?)
  • What is the output? (A draft, a summary, a decision?)
  • Who else sees it?
  • Is it going into a managed account or a personal one?

Step 3 — Classify the data. Apply a simple four-level classification:

  • Public — fine to use in any tool
  • Internal — use in managed accounts only, not personal
  • Confidential — approved tools with appropriate data handling agreements only
  • Regulated — subject to specific legal obligations (health records, personal information under the Privacy Act)

This classification doesn’t need to be a formal project. A one-page guide your team can apply in five minutes is more useful than a comprehensive framework nobody uses.

Step 4 — Triage by risk. Prioritise on two variables: how sensitive the data the tool can reach is, and how much control you have over the tool (managed identity, admin visibility, a data-handling agreement with the vendor). A managed Microsoft 365 Copilot deployment with proper governance is very different from employees using personal ChatGPT accounts for client work, even if both see the same documents.

Step 5 — Make clear decisions. For each tool or category:

  • Approved — sanctioned for defined use cases, accessed through managed identity.
  • Restricted — acceptable for low-sensitivity inputs only.
  • Replace — redirect to an approved alternative that meets the same need.
  • Blocked — unacceptable risk; remove access by revoking its consent grant in Entra ID and blocking it on managed devices.

The goal is a set of decisions that are simple enough that your team can apply them without consulting IT every time.


Shadow AI is a data governance problem before it’s a security problem. The businesses most at risk are those planning to deploy Microsoft Copilot or other AI tools on top of a data environment that hasn’t been classified, governed, or cleaned up: Copilot works within each user’s existing permissions, so every overshared site and folder becomes something the assistant will happily surface.

If you’d like help running a shadow AI audit or preparing your Microsoft 365 environment for Copilot, get in touch — that’s exactly the kind of engagement we build around the Safe to Scale approach.
