SKILL.md (paste into Microsoft 365 Copilot or Claude)
---
name: Shadow AI App Discovery
description: Ranks unsanctioned generative AI apps from Defender for Cloud Apps and Purview DSPM for AI signals by users, data exposure, and risk score.
---
# Shadow AI App Discovery
> **TL;DR:** This skill pulls Microsoft Defender for Cloud Apps generative-AI discovery signals alongside Purview DSPM for AI telemetry and produces a ranked list of unsanctioned AI applications by user count, data sensitivity exposure, and risk score, with sanction or block recommendations.
## How does the Shadow AI App Discovery skill surface unsanctioned generative AI tooling?
This skill surfaces every generative AI application in use across the organisation that sits outside the sanctioned application catalogue. It combines Microsoft Defender for Cloud Apps discovery signals with Microsoft Purview DSPM for AI telemetry, capturing the distinct user count, upload volume, sensitivity labels seen in uploads, and the Defender risk score for each app. It then computes a composite risk weighted by data sensitivity and recommends a sanction, monitor, or block disposition. Discovering this generative and agentic AI exposure is a precondition for application control, and supports Essential Eight ML2 evidence for Control 2.
## When should you run this skill?
- "Find unapproved AI apps"
- "Audit shadow AI usage in the tenant"
- "Rank generative AI apps by risk"
- "Prepare a shadow AI brief for the security committee"
## How this skill works, step by step
1. Pull the Defender for Cloud Apps cloud app catalogue filtered to the generative AI category
2. Cross-reference detected apps against the sanctioned application register
3. For each unsanctioned app capture: distinct user count, upload volume, sensitivity labels seen in uploads, Defender risk score
4. Compute composite risk: user count weighted by sensitivity tier of data uploaded
5. Recommend disposition: Sanction (low risk, broad usage), Monitor (medium), Block (high risk or sensitive data)
6. Produce the ranked table below
## Output format
| App | Vendor | Users | Upload Volume | Sensitive Uploads | Risk Score | Recommendation |
| --- | --- | --- | --- | --- | --- | --- |
Followed by a summary:
- Unsanctioned apps detected: N
- Apps recommended for block: N
- Apps recommended for sanction: N
- Users affected by block recommendations: N
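The scoring and ranking in steps 2 to 6, together with the output format above, as an added worked example (not part of the skill file or any Microsoft tooling). The discovery records, vendor names and sanctioned register are constructed; the sensitivity tier weights and the Defender score and user-count thresholds are assumptions, since the skill file only states that composite risk is user count weighted by sensitivity tier. Defender for Cloud Apps scores apps from 1 to 10 with 10 the least risky, so a low score is treated as high risk:

```python
from __future__ import annotations
from dataclasses import dataclass

# Tier weights are assumptions; unlabelled uploads are treated as "General".
TIER_WEIGHT = {"Public": 1.0, "General": 1.0, "Confidential": 3.0, "Highly Confidential": 6.0}
SENSITIVE_TIERS = {"Confidential", "Highly Confidential"}

# Disposition thresholds (assumptions). Defender for Cloud Apps scores 1-10, 10 = least risky.
HIGH_RISK_DEFENDER_SCORE = 3   # at or below -> "high risk"
LOW_RISK_DEFENDER_SCORE = 7    # at or above -> "low risk"
BROAD_USAGE_USERS = 25         # at or above -> "broad usage"


@dataclass
class DiscoveredApp:
    name: str
    vendor: str
    users: int            # distinct users seen by cloud discovery
    upload_mb: float      # upload volume
    labels_seen: list[str]  # sensitivity labels observed in uploads (DSPM for AI)
    defender_score: int   # Defender for Cloud Apps risk score


@dataclass
class RankedApp:
    app: DiscoveredApp
    composite_risk: float
    sensitive_uploads: bool
    recommendation: str


def highest_tier(labels: list[str]) -> str:
    """Most sensitive label seen; an app with no labelled uploads counts as General."""
    return max(labels, key=lambda l: TIER_WEIGHT.get(l, 1.0)) if labels else "General"


def composite_risk(app: DiscoveredApp) -> float:
    """Step 4: user count weighted by the highest sensitivity tier uploaded."""
    return app.users * TIER_WEIGHT.get(highest_tier(app.labels_seen), 1.0)


def disposition(app: DiscoveredApp) -> str:
    """Step 5: Block (high risk or sensitive data), Sanction (low risk, broad usage), else Monitor."""
    if highest_tier(app.labels_seen) in SENSITIVE_TIERS or app.defender_score <= HIGH_RISK_DEFENDER_SCORE:
        return "Block"
    if app.defender_score >= LOW_RISK_DEFENDER_SCORE and app.users >= BROAD_USAGE_USERS:
        return "Sanction"
    return "Monitor"


def rank_unsanctioned(discovered: list[DiscoveredApp], register: list[str]) -> list[RankedApp]:
    """Steps 2-6: drop apps on the sanctioned register, score the rest, sort by composite risk."""
    sanctioned = {n.casefold() for n in register}
    ranked = [
        RankedApp(a, composite_risk(a), highest_tier(a.labels_seen) in SENSITIVE_TIERS, disposition(a))
        for a in discovered if a.name.casefold() not in sanctioned
    ]
    ranked.sort(key=lambda r: (r.composite_risk, r.app.users), reverse=True)
    return ranked


def summary(ranked: list[RankedApp]) -> dict[str, int]:
    """The four summary counts from the skill's output format."""
    block = [r for r in ranked if r.recommendation == "Block"]
    return {
        "unsanctioned_apps": len(ranked),
        "recommended_block": len(block),
        "recommended_sanction": sum(r.recommendation == "Sanction" for r in ranked),
        "users_affected_by_block": sum(r.app.users for r in block),
    }


def render_table(ranked: list[RankedApp]) -> str:
    """Markdown table in the column order the skill specifies."""
    lines = ["| App | Vendor | Users | Upload Volume | Sensitive Uploads | Risk Score | Recommendation |",
             "| --- | --- | --- | --- | --- | --- | --- |"]
    for r in ranked:
        a = r.app
        lines.append(f"| {a.name} | {a.vendor} | {a.users} | {a.upload_mb:.0f} MB | "
                     f"{'Yes' if r.sensitive_uploads else 'No'} | {a.defender_score} | {r.recommendation} |")
    return "\n".join(lines)


# Constructed sample discovery output; every name and figure here is made up.
SAMPLE_DISCOVERY = [
    DiscoveredApp("ChatAssist", "ExampleVendorA", 140, 2300.0, ["General", "Confidential"], 5),
    DiscoveredApp("DraftBot", "ExampleVendorB", 60, 410.0, ["General"], 8),
    DiscoveredApp("SummariseNow", "ExampleVendorC", 9, 75.0, [], 2),
    DiscoveredApp("CorpCopilot", "ExampleCorp", 900, 12000.0, ["Highly Confidential"], 9),  # sanctioned
    DiscoveredApp("SlideGen", "ExampleVendorD", 12, 30.0, ["General"], 6),
]
SAMPLE_REGISTER = ["CorpCopilot"]

if __name__ == "__main__":
    ranked = rank_unsanctioned(SAMPLE_DISCOVERY, SAMPLE_REGISTER)
    print(render_table(ranked))
    for key, value in summary(ranked).items():
        print(f"- {key.replace('_', ' ')}: {value}")
```

With the constructed sample, ChatAssist ranks first and is blocked because a Confidential label was seen in its uploads even though its Defender score is middling, SummariseNow is blocked on its low Defender score despite only nine users, and DraftBot is the only sanction candidate. Sensitive data therefore dominates the ranking regardless of user count, which is the behaviour step 4 asks for; adjust the weights and thresholds to your own classification scheme before relying on the output.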
## Scope and safety
Read-only — recommendations only. This skill does NOT:
- Block or sanction apps
- Inspect user prompt content
- Replace a formal vendor risk assessment
## Licensing and permissions
### Licences and add-ons
| Capability used | Minimum licence |
| --- | --- |
| Defender for Cloud Apps generative-AI app discovery | Microsoft Defender for Cloud Apps (included in Microsoft 365 E5 or E5 Security) |
| Purview DSPM for AI telemetry and sensitivity-label signals | Microsoft 365 E5 or E5 Compliance |
### Least-privilege roles
- Global Reader — read-only visibility across Defender and Purview signals
- Security Reader (Microsoft Defender XDR) — read-only access to Defender for Cloud Apps discovery data and app catalogue
### Microsoft Graph permissions (read-only)
- Defender for Cloud Apps cloud discovery and the unsanctioned-app catalogue are administered and read through the Microsoft Defender portal (Cloud Apps) and its dedicated API, not through Microsoft Graph, so no Graph scope applies to that signal.
- Purview DSPM for AI telemetry is reviewed in the Microsoft Purview portal rather than via Microsoft Graph; sensitivity-label definitions referenced in uploads can be read with `InformationProtectionPolicy.Read.All`.
## Sources and compliance
- Industry data shows 29% of Fortune 500 employees use unapproved agents — discovery is a precondition for control
- Supports E8 ML2 evidence for Control 2 (application control extended to SaaS AI)
- Reference: [https://learn.microsoft.com/en-us/defender-cloud-apps/ai-apps-discovery](https://learn.microsoft.com/en-us/defender-cloud-apps/ai-apps-discovery)
- Pair with Copilot Studio DLP Gap Check to consolidate internal and external AI exposure
- Output in Australian English
## How to use this skill
1. Get the file. Download or copy the SKILL.md file.
2. Load it into your host:
   - Microsoft 365 Copilot / Copilot Studio — add it as the instructions of a declarative agent or Copilot Studio agent.
   - Claude (Cowork / Claude Code) — drop the file into your skills folder; it loads as an Agent Skill automatically.
   - Any chat host — paste the file contents as your prompt.
3. Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed in Licensing and permissions above.
4. Provide your tenant scope (a site, a collection, or the whole tenant) and run it.
5. Review the report and action the risk-ranked recommendations.

This skill is read-only by default — it inspects and reports, and never changes your tenant.
Licensed under CC BY 4.0 by Educ4te. Adapted from the open HybridSP skills catalogue.