Skip to main content

Shadow AI Is Already in Your Clients' Tenants. Here Is How to See It.

Nick Ross4 min read

TL;DR

  • Shadow AI is corporate data flowing into unmanaged AI tools through personal accounts, and it is already happening in most Microsoft 365 tenants.
  • Defender for Cloud Apps detects generative AI usage natively on Business Premium, E3, or E5 — no third-party agents required.
  • Detection requires two things: qualifying licensing and devices enrolled in Defender for Endpoint or Defender for Business.
  • Cloud Discovery shows who used which AI app and how much data they uploaded, but it does not block anything by itself.
  • Discovery data is retained for 90 days, so baseline every tenant before the window closes.

Tell an MSP "your clients' users are pasting corporate data into AI tools nobody manages" and nobody argues. They just had not looked yet.

That is the Shadow AI problem in one sentence. It is not a future risk. It is happening today, quietly, in every tenant you manage — and the detection layer is probably already in your clients' licensing.

What shadow AI actually looks like

Picture an accounting employee at one of your clients trying to get a proposal out the door. Personal Gmail open in Chrome, new tab, claude.ai with a personal account, upload the draft. The proposal has client names, contract values, and internal pricing.

She is not trying to cause harm. She wants to finish faster. But within 30 seconds that data has left the security perimeter, processed on a server nobody vetted, through an account you have zero visibility into. No alert fires. No ticket gets created. Unless you go looking, you will never know it happened.

And this is not just ChatGPT and Claude. Microsoft's cloud app catalog now tracks over 1,000 generative AI applications — transcript tools, writing assistants, coding tools, meeting summarizers — and the list grows every week as SaaS products bolt AI onto their platforms.

What you need before detection works

Microsoft ships a native detection layer inside Defender for Cloud Apps. If your clients run Business Premium, they likely already own it. No third-party agents, no extra tooling. Two boxes need checking:

  1. Licensing. Microsoft 365 Business Premium or higher (E3/E5 with Defender for Cloud Apps also qualifies). Business Standard and Basic do not include this — flag it during security assessments.
  2. Device enrollment. Devices must be enrolled in Microsoft Defender for Endpoint or Defender for Business. The discovery engine reads traffic from managed endpoints, so anything not enrolled is invisible. That caveat matters in mixed environments.

Once both conditions are met, Defender for Cloud Apps starts collecting passively. No policy to write, no switch to flip.

Note: Defender for Business is the SMB version of Defender for Endpoint and is included in Business Premium. Business Premium plus enrolled devices means you are already collecting.

Where to find it in the portal

Head to security.microsoft.com (opens in new tab) and navigate to Cloud Apps → Cloud Discovery → Discovered Apps. Filter by category and select Generative AI.

Defender for Cloud Apps Discovered Apps view filtered to the Generative AI category

You get every generative AI application accessed from managed devices in that tenant, ranked by user count. Sort by users, devices, or traffic volume. The breadth surprises people more than the volume — it is rarely just ChatGPT and Claude, though they usually carry the biggest footprint.

Click into any app for the detail view: total users, total devices, traffic in and out, and the list of individual users. Bytes uploaded is the number to watch. That is data leaving the environment. You cannot see what was uploaded, but you can see that it happened and who did it.

Each app carries a Risk Score out of 10 based on data handling, compliance certifications, and security posture. Below 5 flags red. That does not mean the app is malicious — it means it has not passed enterprise-grade scrutiny, and that is the conversation to have with your client.

For developers: Microsoft has added cloud app discovery data to Microsoft Graph via a beta endpoint. The cloudAppDiscoveryReport and discoveredCloudAppDetail resources under the /beta security namespace let you query discovered apps, pull user lists, and build multi-tenant reporting without screen-scraping the portal. It is in preview as of June 2026 — prototype now, do not ship to production yet.

Three things to know before you start

Discovery is not enforcement. This shows you what is happening; it does not block anything. Blocking unsanctioned AI apps takes additional Defender for Cloud Apps policy configuration, available in E5 or the Defender Suite add-on for plans like Business Premium. Visibility first, enforcement second.

Personal accounts are a blind spot. A user on claude.ai through personal Gmail on a managed device shows up as traffic to claude.ai — Defender cannot tell you it is a personal account from this view alone. The data is still leaving. Keep that framing with clients. There are ways to lock this down with Claude specifically; that is its own article.

The 90-day window. Cloud Discovery retains data for 90 days by default. Build the check into your QBR rhythm so the window never closes without a baseline captured.

The MSP problem: the data lives in 20 portals

The detection works. The problem is operational: the data lives in a separate Defender portal for every client. Logging into 20 portals to understand Shadow AI exposure across your book of business is not a workflow, it is a punishment.

That is exactly what we are solving at CloudCapsule. The Shadow AI Report — part of the holistic security assessment, in early access now — pulls Defender for Cloud Apps generative AI discovery across all your tenants into a single view: which clients have the most exposure, which AI apps are most prevalent, and where to start the conversation.

CloudCapsule Shadow AI Report aggregating generative AI discovery across tenants

Frequently asked questions

What license do you need to detect shadow AI in Microsoft 365?

Microsoft 365 Business Premium or higher. E3 and E5 with Defender for Cloud Apps also qualify. Business Standard and Business Basic do not include Cloud Discovery, which is worth flagging in any security assessment.

Can Defender for Cloud Apps block unsanctioned AI apps?

Not at the Business Premium tier. Discovery shows you what is happening; blocking requires additional Defender for Cloud Apps policy configuration, available in E5 or via the Defender Suite add-on. Get visibility first, then have the enforcement conversation.

Does this catch users on personal AI accounts?

Partially. If a user accesses claude.ai from a managed device with a personal account, Defender sees the traffic and the upload volume, but it cannot distinguish a personal login from a corporate one in this view. The data is still leaving either way.

Shadow AI exposure across every tenant, one view

CloudCapsule's Shadow AI Report pulls Defender for Cloud Apps discovery data from all your tenants into a single dashboard — which clients are most exposed, which AI apps are spreading, and where to start the conversation. Early access is open.

Book a demo
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading