AI Risk Assessment

You think you're not using AI.
Your staff already are.

Every time someone connects an AI tool to your Microsoft 365 without oversight, they may be handing over the keys to your entire business. Our AI Audit finds every app with access to your environment — before it becomes a problem.

Certified CyberCert Partner
Melbourne-based engineers

3+ unauthorised AI tools found in the average Microsoft 365 tenant we audit
1 click is all it takes for a Global Admin to hand an AI tool full tenant access
0 businesses that knew it was happening — until we told them

A Real Client Story

"We're not really using AI yet. So we're pretty low risk."

A business owner came to us recently for a quote on managed IT. As part of our onboarding process, we ran an audit on their Microsoft 365 tenant.

What we found told a very different story.

One person connected an AI email writing tool — to write emails faster.

Another found a "free" AI meeting summariser and connected it to their calendar and Teams.

A third connected a document AI assistant directly to SharePoint.

None of them asked permission. None of them understood what they were agreeing to.

The Reality of AI Right Now

The question isn't "are we using AI?"
The question is "what's already connected that we don't know about?"

Your staff are already using AI — whether you've approved it or not. And every time someone connects an app to your Microsoft 365 environment without oversight, they're potentially handing over the keys to your entire business.

Your environment is only as secure as your least cautious team member.

What We Look For

What the AI Audit covers

A thorough review of your Microsoft 365 environment and any connected applications — so you know exactly what has access and what to do about it.

Connected App Inventory

Every third-party application with OAuth access to your Microsoft 365 tenant — identified, categorised, and assessed for risk level.

Admin Permission Exposure

Which users are Global Admins, which apps have admin-level consent, and where privilege escalation risk exists in your tenant.

Data Access Scope

What data each connected application can read, write, or export — including SharePoint, OneDrive, Teams, email, and contacts.

App Consent Policy Review

Whether your tenant allows users to consent to third-party apps on their own — the most common configuration gap we find.

Shadow AI Detection

AI tools that staff have connected outside of IT's visibility — browser extensions, standalone apps, and services with SSO login via Microsoft.

Remediation Roadmap

A clear, prioritised action list — what to revoke immediately, what to lock down, and what policy changes to implement to prevent recurrence.

What You Receive

You'll know exactly where you stand.

The AI Audit is a structured, documented engagement — not a verbal conversation. You receive a written report you can act on, share with your board, or use as evidence for cyber insurance.

  • Full connected app report

    Every application with access to your Microsoft 365 tenant, with risk rating and access scope for each.

  • Admin exposure summary

    A clear picture of who has Global Admin rights, where those rights have been inadvertently shared with third-party apps, and how to reduce that exposure.

  • Shadow AI findings

    Any AI tools your staff have connected without approval — named, categorised, and assessed.

  • Prioritised remediation plan

    What to revoke now, what to restrict, and what governance policies to put in place — in plain language your team can execute.

  • Debrief call with our team

    A 30-minute session to walk through findings, answer questions, and prioritise next steps based on your business risk.

Take Back Control

Four things every business needs to do right now

Audit your connected apps

Find out what third-party applications currently have access to your Microsoft 365 environment. Most businesses are surprised by the list.

Lock down user app consent

Stop staff from being able to grant third-party apps access to your environment without IT approval. This one setting closes the most common entry point.

Remove unnecessary Global Admins

Global Admin should be the exception, not the default. Reduce the blast radius of any future inadvertent consent by limiting who holds that role.

Create an AI usage policy

Give staff a clear, documented policy on which AI tools are approved, how to request approval for new tools, and what happens when they go around the process.
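
The first three steps above can start from an export of the tenant's delegated permission grants. The Python below is an added example, not part of the original page or the provider's tooling: it triages constructed sample data shaped like Microsoft Graph's oauth2PermissionGrants and servicePrincipals resources, and the app names, IDs and the list of high-risk scopes are assumptions.

```python
# Added example: triage delegated OAuth grants exported from Microsoft Graph.
# Which scopes count as high risk is an assumption of this example.
HIGH_RISK = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Calendars.ReadWrite",
             "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
             "Sites.ReadWrite.All", "Directory.ReadWrite.All"}
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Constructed sample data; app names, object IDs and tenant IDs are invented.
HOME_TENANT = "home-tenant"
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Example AI Email Writer", "appOwnerOrganizationId": "ext-a"},
    {"id": "sp-2", "displayName": "Example Meeting Summariser", "appOwnerOrganizationId": "ext-b"},
    {"id": "sp-3", "displayName": "Example Document Assistant", "appOwnerOrganizationId": "ext-c"},
    {"id": "sp-4", "displayName": "Intranet Portal", "appOwnerOrganizationId": HOME_TENANT},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-1", "scope": "openid Mail.ReadWrite Mail.Send"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None, "scope": "User.Read Calendars.ReadWrite"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-2", "scope": "Sites.Read.All Files.Read.All"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-3", "scope": "User.Read"},
    {"clientId": "sp-4", "consentType": "AllPrincipals", "principalId": None, "scope": "User.Read"},
]

def triage(grants, service_principals, home_tenant):
    """Return one finding per third-party app, worst rating first."""
    sps = {sp["id"]: sp for sp in service_principals}
    apps = {}
    for g in grants:
        sp = sps.get(g["clientId"], {})
        if sp.get("appOwnerOrganizationId") == home_tenant:
            continue  # registered in our own tenant, so not a third-party app
        a = apps.setdefault(g["clientId"], {"app": sp.get("displayName", g["clientId"]),
                                            "scopes": set(), "users": set(), "tenant_wide": False})
        a["scopes"].update((g.get("scope") or "").split())  # scope is space-separated
        if g["consentType"] == "AllPrincipals":  # admin consented for every user
            a["tenant_wide"] = True
        elif g.get("principalId"):               # one user consented for themselves
            a["users"].add(g["principalId"])
    findings = []
    for a in apps.values():
        risky = sorted(a["scopes"] & HIGH_RISK)
        rating = ("critical" if a["tenant_wide"] and risky else "high" if risky
                  else "medium" if a["tenant_wide"] else "low")
        findings.append({"app": a["app"], "rating": rating, "risky_scopes": risky,
                         "tenant_wide": a["tenant_wide"], "users": len(a["users"])})
    return sorted(findings, key=lambda f: (ORDER[f["rating"]], f["app"]))

if __name__ == "__main__":
    for finding in triage(GRANTS, SERVICE_PRINCIPALS, HOME_TENANT):
        print(finding)
```

Application permissions are recorded separately as app role assignments and are not covered by this triage.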

You might not like what we find.
But it's better than not knowing.

If you haven't audited your Microsoft 365 tenant recently — you should. Book an AI Audit with our Melbourne team and get a clear picture of what's connected to your business.

Or call us directly: 1300 477 814