IT teams are scrambling to secure Microsoft 365 environments after a massive surge in unauthorized AI usage. Here is a practical framework to audit shadow AI in Outlook, secure sensitive data, and replace risky browser tools with zero-retention alternatives.
Key takeaways
- Employees bypass security to fix email tone, driving a 90% surge in shadow AI.
- Copying sensitive email threads into public AI models creates massive data exfiltration risks.
- Auditing requires combining endpoint telemetry with user surveys to uncover hidden workarounds.
- Providing a zero-retention, Outlook-native alternative is the most effective way to reduce shadow usage; bans alone push it somewhere harder to see.
The governance gap
The Scale of Unauthorized AI Use in M365 Email Workflows
Employees aren't waiting for IT approval to use AI for email, creating a massive governance gap that bypasses traditional security controls. In mid-2025, MIT's Project NANDA released findings that crystallized what many IT leaders already suspected: workers at more than 90 percent of companies were using personal AI tools for daily tasks. Meanwhile, only 40 percent of organizations maintained official large language model subscriptions.
This matches broader enterprise data. Deloitte's 2026 State of AI in the Enterprise report documented a 50 percent rise in worker access to AI during 2025 alone. Similarly, Reco's 2025 State of Shadow AI Report revealed that 53 percent of all shadow AI activity flows through a single consumer platform, creating a massive single point of failure.
For teams living in Microsoft 365, the problem concentrates in the inbox. Sales representatives paste multi-email threads containing pricing discussions into public tools for better phrasing. Customer service agents feed complaint histories into browsers to generate empathetic replies. The convenience is real, but the resulting shadow AI Outlook usage leaves IT completely blind to where corporate data is going.
Mid-market organizations (100-1,000 employees) sit at the epicenter. They possess enough complexity for sensitive data to flow through email, yet often lack the dedicated AI governance teams found in larger enterprises. The result is a surge that moved from experimental to entrenched in roughly 18 months.
Data exfiltration risks
Why Email is the Highest-Risk Vector for Shadow AI
Email is uniquely dangerous because it already holds the organization's most sensitive unstructured data. A single customer escalation thread can contain personally identifiable information (PII), contract terms, internal pricing, and strategic commentary, and the same is true of almost any manager's inbox. When that content is copied into an unsanctioned AI tool, several failures occur at once.
First, the data leaves the Microsoft 365 compliance boundary, so retention labels, eDiscovery, and Purview policies no longer apply to it. Second, it is retained, and possibly used for model training, under the consumer service's terms, which the organization neither negotiated nor can verify. Third, there is no audit trail connecting the prompt back to the specific employee, email, or customer, so an incident responder cannot even scope what was exposed.
Recent breach data reinforces the stakes. IBM and Ponemon's 2025 Cost of a Data Breach Report found that 20 percent of organizations reported security incidents linked to shadow AI. These incidents carried an average additional cost of $670,000. Worse, 65 percent of such AI-related incidents involved PII exposure, and 40 percent involved intellectual property theft.
Real-world patterns observed across teams illustrate the risk. A sales development representative struggling with a silent prospect pastes the last three emails into a public assistant seeking more confident language. The response is useful, but the exposure of the prospect's objections and budget signals is not. Similarly, a customer success manager handling a churn-risk account uses AI to soften a renewal reminder. The original message contained usage metrics and support ticket history that should never have left the tenant.
Where data leaks
Common Shadow AI Entry Points in M365
To effectively audit shadow AI in Outlook, you need to know exactly where the data leaks happen across distributed endpoints. The modern Microsoft 365 environment is highly distributed, meaning employees have multiple avenues to bypass official channels.
Browser Extensions:
This is the most common vector. Employees install third-party grammar or writing extensions in Chrome or Edge. An extension granted permission to read page content (the "Read and change all your data on all websites" prompt) can capture what is typed into the Outlook on the web compose window and send it to the vendor's servers for processing. Check the permissions an extension requests, not just its name, and enforce browser install policies (ExtensionInstallAllowlist / ExtensionInstallBlocklist in Chrome and Edge) rather than relying on domain blocks alone.
Mobile Keyboards:
When employees answer email on the go, they often use third-party iOS or Android keyboards with built-in AI rewriting. Everything typed goes from the keyboard to the keyboard vendor and never touches the corporate network, so proxy and firewall controls see nothing. On iOS a keyboard can only send data off the device after the user grants it "Allow Full Access"; Intune app protection policies can block third-party keyboards inside managed apps such as Outlook Mobile, which closes the gap on devices that are enrolled or app-managed.
Copy-Paste to Web Tabs:
The classic alt-tab maneuver. A user copies a sensitive email thread, pastes it into a consumer LLM in a separate browser tab, gets the rewritten text, and pastes it back into Outlook desktop.
Unauthorized Outlook Add-ins:
Users sometimes install third-party add-ins from AppSource, or sideload one from a manifest URL, without IT review. An Outlook add-in declares its access level in its manifest: ReadItem or ReadWriteItem covers only the message currently open, while ReadWriteMailbox grants access to every item in the mailbox. Whether users can do this at all is governed by the tenant setting for user-acquired add-ins in the Microsoft 365 admin center, and centralized deployment is the way to keep vetted add-ins on the approved path.
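The add-in entry point is the one an admin can vet mechanically, because the access scope is declared in the manifest. The script below is an added example, not code from the page or from any vendor. It reads an Outlook add-in XML manifest, determines the effective permission level (the highest of any Permissions element, including ones inside VersionOverrides, which use a different namespace), and lists every external host the add-in loads from or declares, flagging those outside a trusted-suffix list you supply. The manifest, add-in name, and hosts are constructed for the example.

```python
"""Audit an Outlook add-in manifest for mailbox access scope and external hosts.

Added example, not code from the page or any vendor. The manifest below is a
constructed sample; the add-in name and hosts are invented for illustration.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Outlook add-in permission levels, least to most privileged.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1, "ReadWriteItem": 2, "ReadWriteMailbox": 3}

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>3a2f1c4e-0000-4000-8000-000000000001</Id>
  <Version>1.0.0</Version>
  <ProviderName>Example Writing Tools</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Tone Fixer"/>
  <Description DefaultValue="Rewrites the tone of your email"/>
  <AppDomains><AppDomain>https://api.tone-fixer.example</AppDomain></AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <Requirements><Sets><Set Name="Mailbox" MinVersion="1.1"/></Sets></Requirements>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.tone-fixer.example/read.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteMailbox</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>
"""


def _local(tag):
    """Strip the namespace so <Permissions> is found whatever schema version wraps it."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_text, trusted_suffixes=()):
    root = ET.fromstring(xml_text)
    # Effective level is the highest <Permissions> anywhere in the manifest
    # (the root one and any inside VersionOverrides).
    levels = [el.text.strip() for el in root.iter() if _local(el.tag) == "Permissions" and el.text]
    effective = max(levels, key=lambda p: PERMISSION_RANK.get(p, -1), default="Restricted")
    rank = PERMISSION_RANK.get(effective, -1)

    # Every absolute URL in element text or attributes is a host the add-in may talk to.
    hosts = set()
    for el in root.iter():
        for value in [el.text or ""] + list(el.attrib.values()):
            value = value.strip()
            if value.startswith(("https://", "http://")):
                host = urlparse(value).hostname
                if host:
                    hosts.add(host)
    untrusted = sorted(h for h in hosts
                       if not any(h == s or h.endswith("." + s) for s in trusted_suffixes))

    name_el = next((el for el in root.iter() if _local(el.tag) == "DisplayName"), None)
    name = name_el.get("DefaultValue", "") if name_el is not None else ""

    findings = []
    if rank >= PERMISSION_RANK["ReadWriteMailbox"]:
        findings.append("ReadWriteMailbox: can read and write every item in the mailbox, not just the open message")
    elif rank >= PERMISSION_RANK["ReadItem"]:
        findings.append(f"{effective}: can read the body of the item the user has open")
    if untrusted:
        findings.append("loads code from or declares hosts outside the trusted list: " + ", ".join(untrusted))
    return {"name": name, "permission": effective, "hosts": sorted(hosts),
            "untrusted_hosts": untrusted, "findings": findings}


if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST, trusted_suffixes=("contoso.example",))
    print(result["name"], result["permission"])
    for finding in result["findings"]:
        print(" -", finding)
```

Run it against every manifest users have sideloaded and every AppSource add-in awaiting approval; anything reporting ReadWriteMailbox, or hosts you do not recognize, goes to manual review before it reaches a mailbox.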
User behavior patterns
What IT Admins Actually Observe in Outlook-Heavy Teams
Employees use unauthorized AI to solve real inbox pressure, not to maliciously leak corporate data. After years spent helping teams improve email tone and clarity, we've seen specific behaviors repeat. Gen Z professionals use AI to sound more polished when communicating upward. Global team members lean on it to avoid cultural missteps in diplomatic phrasing. Sales representatives treat AI as a productivity accelerator for high-volume inboxes.
The surprising part is that these users face tone anxiety and pressure to personalize at scale. When the sanctioned toolkit feels cumbersome, they default to whatever works fastest in the browser tab next to Outlook. Even when organizations deploy Microsoft Copilot, users often find its broad, multi-app capabilities too slow or complex for a quick one-sentence rewrite, which drives them back to consumer tools. Other tools such as Grammarly or Wordtune typically require browser extensions that IT flags as compliance risks, so users switch to the same tools on personal mobile devices instead.
The consequence is fragmented governance. One department adopts a particular writing assistant via browser extension. Another uses mobile web versions during travel. Audit logs become noisy with traffic to consumer AI domains, yet connecting that traffic to specific email content remains difficult without mature data loss prevention rules.
The prohibition trap
Why Banning AI Outright Fails
Blanket bans on unauthorized AI fail because they ignore the productivity demand driving the behavior. Faced with a 90 percent surge in unauthorized usage, the reflex for many IT admins is strict prohibition: block domains, disable add-ins, and send a stern company-wide memo.
In practice it does not hold. If you ban AI without providing a viable alternative, employees find harder-to-detect workarounds. They use personal phones off the corporate Wi-Fi. They use obscure, newly launched AI tools that have not yet reached your firewall's blocklist. The demand for better, faster email writing is too strong to legislate away.
Instead of playing whack-a-mole with consumer AI domains, the goal should be controlled enablement. You acknowledge that employees need help with tone, clarity, and grammar, and you provide a tool that does exactly that within the safety of the corporate boundary.
A repeatable framework
How Do You Audit Shadow AI Email Tools in Microsoft 365?
You cannot secure what you cannot see, so auditing requires combining technical telemetry with user self-reporting. A practical framework used successfully with Outlook-heavy teams follows a four-step model tailored for email-specific telemetry.
Discovery Phase:
Begin with Microsoft Defender for Cloud Apps (Cloud Discovery) to catalog generative AI app usage across the tenant from firewall or proxy logs. Cross-reference with endpoint inventory: Intune device inventories, plus the browser's own extension reporting or install policies for Edge and Chrome, looking for extensions with "AI", "write", or "rewrite" in their names. In Entra ID, review enterprise applications and OAuth consent grants (the audit log activity "Consent to application") for consumer AI services that hold Mail.Read or Mail.ReadWrite, and use sign-in logs to see how often those apps are actually used. Supplement this with a short anonymous survey asking how employees currently improve email tone.
Risk Assessment Phase:
For every discovered tool, score three variables: the sensitivity of the data it has handled, how often it is used in email workflows, and the tool's own security posture. Prioritize any tool that has processed threads containing customer PII or financial data. If a vendor cannot commit in writing (contract or DPA, subprocessor list, and a training opt-out) to zero retention, the tool has no business touching corporate email.
Control Implementation Phase:
Block the highest-risk unsanctioned tools at the firewall or secure web gateway, and mark them unsanctioned in Defender for Cloud Apps so the block list stays in step with discovery. For the sanctioned path, apply Purview Data Loss Prevention rules that match sensitive information types before content can leave the tenant; Endpoint DLP can additionally audit or block pasting matched content into browser sessions on service domains you have not approved.
Governance Phase:
Establish a lightweight AI usage policy that explicitly addresses email scenarios. Track metrics monthly, including the percentage reduction in traffic to blocked AI domains and the adoption rate of sanctioned tools.
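Discovery and risk assessment reduce to joining two exports and ranking the result, which is also what turns the noisy consumer-AI traffic described earlier into something an admin can act on. The script below is an added example, not code from the page, from Microsoft, or from any vendor. It parses outbound web-traffic log lines (a constructed, assumed format; adapt the regex to your proxy or Defender for Cloud Apps export), classifies destinations against a sanctioned/unsanctioned AI domain catalog (illustrative; build yours from the Defender for Cloud Apps generative AI category), pulls mail-scope grants out of an Entra ID OAuth consent export (constructed records shaped like oauth2PermissionGrant objects), and scores each user by frequency of use, upload volume, and whether an app holds standing mail access on their behalf. The third risk variable, data sensitivity, cannot be read from traffic logs; feed it from DLP matches or the survey. All users, apps, domains' status, and log lines are constructed samples.

```python
"""Rank users by shadow-AI exposure from two tenant exports.

Added example, not code from the page, Microsoft, or any vendor. The proxy log
format, domain catalog, consent records, users and app names are constructed.
"""
import re
from collections import defaultdict

# Illustrative catalog. Build yours from Defender for Cloud Apps' generative AI
# category; "sanctioned" is whatever your tenant has approved (assumed here).
AI_DOMAINS = {
    "chatgpt.com": "unsanctioned",
    "gemini.google.com": "unsanctioned",
    "claude.ai": "unsanctioned",
    "copilot.cloud.microsoft": "sanctioned",
}

# Graph / EWS scopes that give an app standing access to a user's mail.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadBasic", "Mail.ReadWrite", "Mail.Send",
               "MailboxSettings.ReadWrite", "EWS.AccessAsUser.All"}

# Assumed line format; adapt the regex to your proxy or gateway export.
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) "
                    r"method=(?P<method>[A-Z]+) bytes_out=(?P<bytes>\d+)$")

SAMPLE_PROXY_LOG = """\
2025-09-10T09:12:04Z user=alice@contoso.example dst=chatgpt.com method=POST bytes_out=18432
2025-09-10T09:13:40Z user=alice@contoso.example dst=chatgpt.com method=POST bytes_out=22100
2025-09-10T10:02:11Z user=bob@contoso.example dst=copilot.cloud.microsoft method=POST bytes_out=9000
2025-09-10T10:05:55Z user=carol@contoso.example dst=claude.ai method=GET bytes_out=640
2025-09-10T11:20:19Z user=carol@contoso.example dst=gemini.google.com method=POST bytes_out=51200
2025-09-10T11:21:00Z user=dave@contoso.example dst=outlook.office.com method=POST bytes_out=4000
this line is malformed and must be skipped
"""

# Shaped like Entra ID oauth2PermissionGrant records; "AllPrincipals" marks an
# admin consent that applies to every user in the tenant.
CONSENT_GRANTS = [
    {"appDisplayName": "Tone Fixer", "principal": "carol@contoso.example",
     "scope": "openid profile offline_access Mail.ReadWrite"},
    {"appDisplayName": "Calendar Sync", "principal": "bob@contoso.example",
     "scope": "Calendars.Read"},
    {"appDisplayName": "Tone Fixer", "principal": "AllPrincipals", "scope": "Mail.Read"},
]


def parse_proxy_lines(lines):
    """Parse log lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append({"user": m["user"].lower(), "dst": m["dst"].lower(),
                           "method": m["method"], "bytes_out": int(m["bytes"])})
    return events


def classify(dst):
    """Return 'sanctioned', 'unsanctioned', or None for a destination host or subdomain."""
    for host, status in AI_DOMAINS.items():
        if dst == host or dst.endswith("." + host):
            return status
    return None


def mail_scope_grants(grants):
    """Keep only consent grants that include a standing mail-access scope."""
    out = []
    for g in grants:
        granted = set(g.get("scope", "").split()) & MAIL_SCOPES
        if granted:
            out.append({"app": g["appDisplayName"], "principal": g["principal"],
                        "mail_scopes": sorted(granted)})
    return out


def triage(proxy_lines, grants):
    """Score = unsanctioned requests + uploaded KB/10 + 5 per app holding mail scopes."""
    users = defaultdict(lambda: {"unsanctioned_hits": 0, "unsanctioned_upload_bytes": 0,
                                 "sanctioned_hits": 0, "mail_grants": []})
    for ev in parse_proxy_lines(proxy_lines):
        status = classify(ev["dst"])
        if status is None:
            continue
        u = users[ev["user"]]
        if status == "sanctioned":
            u["sanctioned_hits"] += 1
        else:
            u["unsanctioned_hits"] += 1
            if ev["method"] == "POST":  # uploads are where pasted threads go
                u["unsanctioned_upload_bytes"] += ev["bytes_out"]
    tenant_wide = []
    for g in mail_scope_grants(grants):
        if g["principal"] == "AllPrincipals":
            tenant_wide.append(g)
        else:
            users[g["principal"].lower()]["mail_grants"].append(g["app"])
    for u in users.values():
        u["unsanctioned_upload_kb"] = u["unsanctioned_upload_bytes"] // 1024
        u["score"] = round(u["unsanctioned_hits"] + u["unsanctioned_upload_kb"] / 10
                           + 5 * len(u["mail_grants"]), 1)
    ranked = sorted(users, key=lambda upn: users[upn]["score"], reverse=True)
    return {"users": dict(users), "ranked": ranked, "tenant_wide_mail_grants": tenant_wide}


if __name__ == "__main__":
    report = triage(SAMPLE_PROXY_LOG.splitlines(), CONSENT_GRANTS)
    for upn in report["ranked"]:
        u = report["users"][upn]
        print(f"{u['score']:5.1f} {upn} hits={u['unsanctioned_hits']} "
              f"upload_kb={u['unsanctioned_upload_kb']} mail_grants={u['mail_grants']}")
    for g in report["tenant_wide_mail_grants"]:
        print("tenant-wide mail grant:", g["app"], g["mail_scopes"])
```

The ranked list is the input to the Control phase: start conversations and DLP tuning at the top. Tenant-wide grants (AllPrincipals) are admin consents that apply to every mailbox and should be reviewed before any individual user. The sanctioned hit count per user is the adoption metric the Governance phase tracks month over month.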
Why Telemetry Alone Isn't Enough
There is a catch: IT teams often rely solely on endpoint detection or firewall logs. In our experience, this misses the bring-your-own-device gap. Employees drafting sensitive emails on personal smartphones while commuting use an AI-enabled keyboard or a personal browser tab on a device that sends no telemetry to the tenant, over a network the corporate proxy never sees. This is why the anonymous survey in the Discovery Phase is critical. It uncovers the behavioral "why" behind the technical "what."
The secure solution
Providing Compliant Alternatives That Solve the Email Problem
The most effective control is a sanctioned tool that meets the exact need faster and more safely than shadow options. General-purpose chatbots require users to paste context, manage hallucinations, and worry about data retention. Email-native assistants that rewrite directly inside Outlook eliminate that step entirely.
Professionally is one such focused tool. It operates natively inside Outlook desktop, web, Chrome, and iOS keyboards, offering tone options such as Professional, Diplomatic, Empathetic, or Confident. Emails are processed and immediately discarded with zero data retention.
Teams at more than 100 companies now use it daily for exactly the rejection softening, follow-up calibration, and cross-cultural phrasing tasks that previously drove shadow AI adoption. By making the approved path both seamless and secure, organizations reduce the incentive for shadow usage without slowing communication velocity. (Read more on fixing Outlook AI email overload for hybrid teams).
The Importance of Tone in Professional Communication
Why do employees risk policy violations just to rewrite an email? Because tone matters. A blunt email can cost a deal, damage a relationship, or trigger an HR complaint. If an email reads as aggressive, the recipient spends the rest of the day thinking about the perceived slight instead of doing the work. Providing a tool that fixes tone natively is therefore not just a security win; it is an upgrade to organizational culture. (Learn how to write an angry email professionally).
The path forward
Turning Visibility into Lasting Governance
The recent surge in unauthorized AI usage reflects a structural mismatch between employee needs and IT-approved tools. Mid-market M365 organizations that treat this moment as an audit-and-govern opportunity rather than a crackdown will emerge with better visibility, lower risk, and higher email quality. (Ensure your approach meets EU AI Act compliance standards).
The practitioners who have lived through shadow IT waves know the pattern. Discovery leads to uncomfortable findings, and findings lead to controls. Controls work best when paired with usable, compliant alternatives that understand tone and context without ever exporting sensitive threads.
Your next security audit shouldn't just block bad habits. It should enable better, safer communication.
FAQ
Shadow AI in Outlook includes any unauthorized generative tool used to draft or improve emails. Common examples are browser-based assistants, unapproved add-ins, or personal accounts where employees paste email content. The defining characteristic is a lack of IT visibility or governance, even if the tool improves clarity.
Despite massive investments in formal AI initiatives, many organizations rolled out complex tools that didn't fit daily workflows. Employees bridged the gap with personal tools, especially for email drafting. Inbox pressure, tone anxiety, and the slow deployment of secure enterprise options drove this rapid, unauthorized adoption.
Begin with Defender for Cloud Apps to catalog usage, cross-reference endpoint and browser inventories for extensions, and review Entra ID consent grants and sign-in logs for consumer AI apps holding mail permissions. Layer in anonymous user surveys to understand email habits. Microsoft's guidance follows the same arc: discover tools, block unsanctioned access, protect data, and govern interactions with audit controls.
The primary risks are data exfiltration of sensitive information contained in email threads, regulatory noncompliance, and increased breach costs. Email's unstructured nature makes it a high-value target. Once content leaves the tenant, organizations lose all visibility into model training, data retention, or secondary leaks.
Professionally provides a native, zero-retention AI email rewriter directly inside Outlook, Chrome, and iOS keyboards. It offers specific tone controls for workplace scenarios without requiring users to copy sensitive content into external tools. This gives IT a compliant alternative that addresses productivity needs while maintaining full data control.
Write better emails in seconds
Professionally rewrites your emails instantly, adjusting tone, clarity, and length for any situation.
Try it free