Shadow AI in Microsoft 365: the next frontier of IT risk

Hayden Kirk
December 3, 2025

Shadow AI is the quiet problem sitting behind most AI conversations. It describes the unsanctioned use of AI tools by staff without approval or oversight from IT or security teams.

With generative AI everywhere, staff copy and paste emails, contracts, customer data and financials into whatever AI tool feels easiest at the time. Many employees are already using AI at work without formal approval and some are uploading sensitive information to unmanaged tools. (Check out our free AI Policy here).

Buying Microsoft 365 Copilot or ChatGPT on its own does not solve this. In fact, if your tenant is loose, Copilot can make the impact of shadow AI worse by surfacing data that was already overshared.

For New Zealand organisations running on Microsoft 365, the answer is not to ban AI, but to put proper guardrails in place and use the security features you already own.

At Layer3, we use advanced tools to reduce shadow AI risk through Microsoft 365 policies, so we can roll out Copilot with control rather than hope. These tools and services are baked into the base of every managed services agreement.

What shadow AI looks like in a Microsoft 365 world

Common shadow AI behaviours inside a Microsoft 365 environment include:

  • Staff using public AI tools in a personal browser to rewrite emails, proposals or reports that contain client data
  • Screenshots or copied content from Teams, SharePoint and Outlook pasted into unsanctioned AI tools
  • Third party AI add-ins connected to Microsoft 365 using OAuth consent, without IT having visibility
  • Users trying Copilot features from home devices that are not compliant or monitored

Each of these creates real risk: data leakage, regulatory issues, loss of IP and a larger attack surface for threat actors to exploit.

Copilot inherits your security model, not the other way round

Microsoft 365 Copilot does not create new permissions. It inherits whatever your identity, device and data policies already allow.

If any of the following are true, Copilot will happily work inside that reality:

  • Overshared SharePoint sites where “Everyone” still has access
  • Legacy guest accounts that still sit in privileged groups
  • Laptops that sync files locally without device compliance or encryption

That is why Copilot readiness is really about shadow AI readiness. If you do not tighten the tenant first, Copilot simply makes it easier for people to find content that should never have been accessible.

Microsoft 365 controls that reduce shadow AI

The good news is that most of the controls you need to manage shadow AI are already in Microsoft 365.

1. Microsoft Purview Data Loss Prevention for Copilot and Copilot Chat

Microsoft Purview DLP policies can target Microsoft 365 Copilot and Copilot Chat. This means you can:

  • Block or warn when users include regulated data types in prompts
  • Stop Copilot from processing content that carries certain sensitivity labels
  • Apply different rules for high-risk users or locations

This is central to reducing shadow AI. You are not only controlling where data can be stored and shared, you are actively managing how AI can interact with that data.

2. Sensitivity labels and label policies

Sensitivity labels in Microsoft Purview let you classify and protect data across emails, documents, Teams, SharePoint and OneDrive. They can enforce encryption, access controls, external sharing limits and visual markings.

With the right label strategy you can:

  • Define rules such as “Highly confidential finance data cannot be used by Copilot at all”
  • Limit which departments can open or share specific content
  • Ensure that overshared sites are identified and corrected before the Copilot rollout

3. SharePoint and OneDrive oversharing controls

Modern SharePoint and OneDrive include oversharing controls and access review capabilities that reduce the amount of “open by accident” content in your tenant.

Cleaning up years of open folders is one of the fastest ways to reduce shadow AI risk, because it reduces the pool of data that any AI tool can potentially surface.

4. Entra ID Conditional Access and app governance

Conditional Access policies allow you to control:

  • Which devices and locations are allowed to access Copilot and other AI services
  • Whether unmanaged devices can download or sync files
  • Whether unknown third party apps can connect to Microsoft 365 using OAuth

Combined with app governance, you can block or monitor AI tools that try to connect to Microsoft 365 without going through your approval process.

5. Intune device compliance and app protection

Intune lets you enforce device compliance for access to Microsoft 365, and apply app protection policies to control what users can do with data on mobile and desktop.

This matters for shadow AI because it helps you:

  • Stop users from accessing sensitive data on personal or non-compliant devices
  • Restrict copy and paste between managed apps and unmanaged AI tools

6. Auditing, eDiscovery and logging for AI activity

Microsoft 365’s unified audit log, Purview eDiscovery and Copilot-specific logging give you visibility into how AI is being used. You can monitor:

  • Who is using Copilot and for what workloads
  • Which sensitivity labels appear most often in prompts and responses
  • Whether users are repeatedly hitting DLP rules, which may indicate risky behaviour or training gaps
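As an added illustration (not part of the original post and not Layer3's tooling), the script below triages a constructed export of audit records into the three views listed above: Copilot use per user and host app, sensitivity labels on the content Copilot touched, and users who repeatedly trip DLP rules. The record shapes approximate the CopilotInteraction and DlpRuleMatch record types as exported from Search-UnifiedAuditLog, and the field names are an assumption to verify against your own tenant's export.

```python
"""Triage of exported Microsoft 365 audit records for Copilot usage.

Added example, not Layer3's tooling. Input is a simplified, constructed
approximation of CopilotInteraction and DlpRuleMatch records; the field
names are an assumption, check them against a real Search-UnifiedAuditLog export.
"""
import json
from collections import Counter, defaultdict

# Constructed sample export: one JSON record per line.
SAMPLE_EXPORT = """
{"RecordType":"CopilotInteraction","UserId":"ana@example.org","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"Q3-forecast.xlsx","SensitivityLabelId":"lbl-highly-confidential"}]}}
{"RecordType":"CopilotInteraction","UserId":"ana@example.org","CopilotEventData":{"AppHost":"Teams","AccessedResources":[]}}
{"RecordType":"CopilotInteraction","UserId":"ben@example.org","CopilotEventData":{"AppHost":"Word","AccessedResources":[{"Name":"contract.docx","SensitivityLabelId":"lbl-confidential"},{"Name":"notes.docx","SensitivityLabelId":"lbl-highly-confidential"}]}}
{"RecordType":"DlpRuleMatch","UserId":"ben@example.org","PolicyName":"Copilot - block finance data"}
{"RecordType":"DlpRuleMatch","UserId":"ben@example.org","PolicyName":"Copilot - block finance data"}
{"RecordType":"DlpRuleMatch","UserId":"ben@example.org","PolicyName":"Copilot - block finance data"}
{"RecordType":"DlpRuleMatch","UserId":"ana@example.org","PolicyName":"Copilot - block finance data"}
"""


def triage(export: str, dlp_threshold: int = 3) -> dict:
    """Summarise who uses Copilot in which app, which sensitivity labels
    Copilot pulled content from, and who hits DLP rules repeatedly."""
    usage = defaultdict(Counter)   # user -> Counter of AppHost
    labels = Counter()             # SensitivityLabelId -> occurrences
    dlp_hits = Counter()           # user -> number of DLP rule matches
    for line in export.strip().splitlines():
        rec = json.loads(line)
        if rec["RecordType"] == "CopilotInteraction":
            data = rec.get("CopilotEventData", {})
            usage[rec["UserId"]][data.get("AppHost", "Unknown")] += 1
            for res in data.get("AccessedResources", []):
                labels[res.get("SensitivityLabelId") or "unlabelled"] += 1
        elif rec["RecordType"] == "DlpRuleMatch":
            dlp_hits[rec["UserId"]] += 1
    # Users at or above the threshold are candidates for training or tighter policy.
    repeat_offenders = sorted(u for u, n in dlp_hits.items() if n >= dlp_threshold)
    return {
        "usage": {u: dict(c) for u, c in usage.items()},
        "labels": dict(labels),
        "repeat_dlp_users": repeat_offenders,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EXPORT), indent=2))
```

Pipe a real export (one JSON object per line) into `triage` and review the `labels` view first: highly confidential labels showing up in Copilot responses are the quickest sign that a DLP or label policy is missing.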

Turning Copilot governance into a repeatable service

Doing all of this manually for every Microsoft 365 tenant does not scale, especially once you add Copilot and shadow AI into the mix. That is why we have built a standardised Copilot readiness and governance service.

First, we run a Copilot readiness assessment that analyses:

  • Microsoft 365 identity and access
  • Device posture and compliance
  • Data classification, sharing and Purview DLP policies
  • Overall security configuration across Exchange, SharePoint, OneDrive and Teams

From there, we map the findings into clear recommendations and a practical rollout plan.

Behind the scenes we use automation and policy templates to:

  • Deploy consistent Purview DLP policies across multiple tenants
  • Enforce rules that prevent sensitive data from leaving trusted domains or being uploaded to unauthorised apps and AI tools
  • Monitor and tune policies over time as usage patterns and risk change

For our customers, that means:

  • A clear go or no-go decision for Copilot
  • A concrete list of Microsoft 365 policy changes that reduce shadow AI risk
  • Ongoing governance rather than a one-off project
  • Microsoft 365 policies that stay aligned, even when Microsoft makes changes

Practical next steps to tackle shadow AI

If you are worried about shadow AI in your Microsoft 365 environment, here is a simple path forward:

  1. Acknowledge that AI is already in use
    Staff are using AI tools today, whether you have bought Copilot or not. Treat this as a governance and policy problem, not a user problem.
  2. Implement an AI Policy
    We have an AI policy available for download, free.
  3. Run a Copilot and shadow AI readiness assessment
    Engage Layer3 to run a Copilot readiness check to understand your current identity, device and data posture, and to quantify the gaps.
  4. Tighten the basics in Microsoft 365
    Fix overshared sites, implement a sensible sensitivity label strategy, enforce Conditional Access and Intune compliance, and turn on the right Purview DLP controls for Copilot.
  5. Give people a safe, approved way to use AI
    Provide Microsoft 365 Copilot with the right guardrails, instead of pushing staff toward unmanaged tools.
  6. Monitor, educate and iterate
    Use audit data and DLP alerts to refine policies. Run short, practical awareness sessions so people understand why certain prompts or tools are blocked.

Shadow AI will not disappear, but with the right Microsoft 365 policies and MSP partner, like Layer3, you can keep it in the light, reduce the risk, and still get the benefits of AI for your business.
