Answer — AI Governance
How do you detect shadow AI in Microsoft 365?
Shadow AI is detected through the traces it leaves: Microsoft 365 audit logs, Entra ID permissions, connected apps, and vendor-enabled agents. The hard part is not seeing it once but keeping a continuous inventory — Copilot audit records are kept only 180 days by default.
What is shadow AI, concretely?
Shadow AI is the AI working inside your organization without ever passing through your approval process: an employee pasting data into a public chatbot, a note-taker added to your meetings, an agent switched on by an update to software you already used. It is not a fringe phenomenon: IBM’s Cost of a Data Breach Report (2025) attributes 20% of breached organizations to shadow AI, with an average of US$670K added to breach costs.
Where do you look in a Microsoft 365 environment?
The traces exist — provided someone consults them systematically:
- Audit logs (Purview): who used Copilot, on which content, when. The raw material of any inventory.
- Entra ID permissions: which applications and agents hold consented access to your data — including grants made long ago and never revisited.
- Connected apps: third-party integrations, add-ins, and connectors that now embed AI features without announcing it.
- Vendor activations: AI features shipped “on by default” inside tools already deployed.
Why is a one-time check not enough?
Two reasons. First, the perimeter moves weekly: today’s snapshot is stale by the next vendor rollout. Second, the system’s memory is short: by default, audit records — including Copilot activity — are retained 180 days. Whatever was not surfaced and recorded in time disappears, while Law 25 and your stakeholders think in years.
The durable answer is an inventory maintained continuously, backed by a history that does not fade. That is what Agentica does: continuous discovery and mapping of every AI agent in your business environment — Microsoft 365 is the first connector — recorded in a tamper-proof history that preserves the evidence beyond default retention windows. Read-only, metadata and signals only: we can see that an AI tool modified a file at 2:00 PM and who owns it — never what is inside.