AI App Discovery and Governance

About This Lab

This lab covers AI App Governance using Microsoft Defender for Cloud Apps. the practice of discovering, assessing, and controlling AI and large language model (LLM) applications across your organization. With the rapid adoption of generative AI, employees often use tools like ChatGPT, Google Gemini, Claude, and dozens of other AI services without IT approval. creating shadow AI risks. You will learn how to use Cloud Discovery to identify AI app usage, assess risk scores based on data handling and compliance posture, enforce session policies with Conditional Access App Control to block sensitive data uploads to AI services in real time, and build governance policies that balance productivity with data protection.

🎯 What You Will Learn

1. Discover AI and LLM applications in Cloud Discovery logs
2. Identify shadow AI usage: ChatGPT, Gemini, Claude, Midjourney, etc.
3. Assess AI app risk scores based on data handling and compliance
4. Create app policies to sanction or unsanction AI applications
5. Configure session policies with Conditional Access App Control for AI tools
6. Monitor data uploads to AI services in real-time
7. Block paste of sensitive data into AI chat interfaces
8. Create DLP policies scoped to AI application categories
9. Set up alerts for bulk data transfers to AI platforms
10. Integrate with Insider Risk Management for AI misuse detection
11. Build an AI app usage dashboard
12. Configure governance policies for approved AI tools
13. Monitor API-based AI integrations and OAuth consent
14. Create compliance reports for AI app usage
15. Build an enterprise AI application governance framework

🏢 Enterprise Scenario

A technology consulting firm with 8,000 employees discovers that over 400 employees are using unauthorized AI tools including ChatGPT, Claude, and various AI coding assistants. Employees are pasting client code, financial projections, and legal documents into these tools. The security team needs to discover all AI app usage, assess risks, block unauthorized data sharing, and establish an approved AI app catalogue with proper governance controls.

• Microsoft 365 E5 or E5 Security licence
• Microsoft Defender for Cloud Apps licence
• Conditional Access licensing (included in Entra ID P1/P2)
• Cloud Discovery configured with log collectors or Defender for Endpoint integration
• Test user accounts in a pilot group for session policy testing

In Defender for Cloud Apps, navigate to Cloud Discovery > Discovered apps. Filter by the Generative AI category to see all AI applications detected in network traffic. Review the risk score, user count, data volume, and compliance certifications for each AI app.

Review each AI application's data handling policies, training data usage terms, and compliance certifications. Tag apps as Sanctioned (approved for use), Unsanctioned (blocked), or Under Review. Create app policies to automatically block unsanctioned AI applications at the network level.

Deploy Conditional Access App Control to proxy AI application sessions and enforce real-time policies that monitor and block sensitive data uploads.

Portal Instructions

1. Navigate to Entra ID > Conditional Access > + New policy
2. Name: CA-AI-Session-Control
3. Users: All users (or a pilot group)
4. Cloud apps: select Microsoft Defender for Cloud Apps
5. Session controls: enable Use Conditional Access App Control > Monitor only (initially)
6. In Defender for Cloud Apps, go to Policies > Session policies > + Create policy
7. Session policy type: Control file upload (with inspection)
8. Activity source: filter by app category Generative AI
9. Inspection method: Data Classification Service
10. Action: Block when content matches sensitivity labels Highly Confidential or Restricted

Use the session monitoring dashboard to observe live user sessions with AI applications and identify sensitive data being shared in real time.

Portal Instructions

1. Navigate to Defender for Cloud Apps > Activity log
2. Filter by: Activity type = Upload, App category = Generative AI
3. Review file names, sizes, and sensitivity labels of uploaded content
4. Click on individual activities to see the full session timeline
5. Identify patterns: which departments upload the most data, which AI apps receive the most sensitive content

Activity Query

// ---------------------------------------------------------------
// PURPOSE: Find all file uploads to AI and LLM services in the last 7 days.
// WHY: Employees may upload sensitive documents, source code, or
//      customer data to AI tools without realising the data-loss risk.
//      This query surfaces who is uploading, how much, and to which AI app.
// HOW TO USE: Run in Defender XDR > Hunting > Advanced hunting,
//      or in Microsoft Sentinel if CloudAppEvents is ingested.
// OUTPUT COLUMNS:
//   Application - the AI service name (ChatGPT, Claude, Gemini, etc.)
//   UploadCount - total file uploads in the 7-day window
//   UniqueUsers - distinct users uploading to that app
//   TotalBytes - total data volume uploaded (in bytes)
// INTERPRETATION:
//   High UniqueUsers with low UploadCount per user = normal exploration.
//   One user with very high UploadCount = potential data exfiltration.
//   Large TotalBytes to consumer AI apps = high-priority investigation.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(7d)
| where ActionType == "FileUploaded"
| where Application has_any ("ChatGPT", "Claude", "Gemini", "Midjourney", "Copilot")
| summarize UploadCount=count(), UniqueUsers=dcount(AccountId),
    TotalBytes=sum(FileSize) by Application
| order by UploadCount desc

Configure session policies that detect and block the paste of sensitive content into AI chat interfaces in real time.

Portal Instructions

1. In Defender for Cloud Apps, go to Policies > Session policies > + Create policy
2. Policy template: Block upload of files matching sensitivity labels
3. Session control type: Control file upload (with inspection)
4. Activity filters:
   • App category: Generative AI
   • Activity type: Upload and Print/paste content
5. Content inspection: enable Data Classification Service
6. Match condition: content includes credit card numbers, SSN, API keys, or files with label Highly Confidential
7. Action: Block with custom notification: "Pasting sensitive data into AI tools is not permitted. Contact IT Security for approved alternatives."

Extend Microsoft Purview DLP policies to cover data shared with AI applications through Defender for Cloud Apps integration.

Portal Instructions

1. Navigate to Microsoft Purview > Data loss prevention > Policies > + Create policy
2. Template: Custom policy
3. Name: DLP-AI-Data-Protection
4. Locations: enable Defender for Cloud Apps instances
5. Conditions: content contains sensitive info types (PII, financial data, health records, source code patterns)
6. Actions:
   • High confidence match: Block access
   • Medium confidence match: Warn and require business justification
   • Low confidence match: Audit only
7. User notifications: enable policy tip explaining why the action was blocked
8. Incident reports: send to Security Operations DL

Create anomaly detection policies that alert when users transfer unusually large volumes of data to AI platforms.

Portal Instructions

1. Navigate to Defender for Cloud Apps > Policies > + Create policy > Activity policy
2. Name: Bulk-Data-Transfer-AI
3. Act on: Repeated activity
4. Filters:
   • App category = Generative AI
   • Activity type = Upload
5. Threshold: More than 20 uploads in 30 minutes by a single user
6. Actions: Send alert to SOC, Suspend user (for critical data transfers)

KQL: Bulk Transfer Detection

// ---------------------------------------------------------------
// PURPOSE: Detect users who are uploading unusually large volumes
//          of data to AI services in short time windows (30 min).
// WHY: Bulk uploads to AI platforms are a strong indicator of either
//      data exfiltration (intentional) or risky copy-paste habits
//      (unintentional). Normal use is a few queries; 20+ uploads
//      in 30 minutes suggests automated extraction or batch pasting.
// THRESHOLDS:
//   UploadCount > 20 - more than 20 file uploads in a 30-min window
//   TotalMB > 50 - more than 50 MB transferred in a 30-min window
//   Adjust thresholds based on your organisation's baseline.
// OUTPUT COLUMNS:
//   TimeGenerated - the 30-minute window when the activity occurred
//   AccountId - the user performing the uploads (UPN or object ID)
//   Application - which AI service received the data
//   UploadCount - number of uploads in that window
//   TotalMB - total data volume in megabytes
// ACTION: Investigate high-volume users; check if sensitive data
//   (source code, financial docs, PII) was uploaded.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(24h)
| where ActionType == "FileUploaded"
| where Application has_any ("ChatGPT", "Claude", "Gemini", "Copilot")
| summarize UploadCount=count(), TotalMB=round(sum(FileSize)/1048576.0, 2)
    by AccountId, Application, bin(TimeGenerated, 30m)
| where UploadCount > 20 or TotalMB > 50
| project TimeGenerated, AccountId, Application, UploadCount, TotalMB
| order by TotalMB desc

Connect AI app usage signals to Insider Risk Management to detect employees who may be using AI tools to exfiltrate intellectual property or prepare for departure.

Configuration Steps

1. Navigate to Microsoft Purview > Insider Risk Management > Settings
2. Under Intelligent detections, verify Defender for Cloud Apps integration is enabled
3. Create or edit a policy using template: Data theft by departing users
4. Add triggering events: include Cloud app activity indicators for AI applications
5. Configure risk indicators:
   • Uploading files to unsanctioned AI apps (high weight)
   • Accessing AI apps from personal devices (medium weight)
   • Bulk paste operations into AI chat interfaces (high weight)
   • First-time use of multiple AI apps in a short period (medium weight)
6. Set alert thresholds and assign reviewers from the compliance team

Create a dashboard in Microsoft Sentinel that visualises AI app usage trends, policy violations, and risk metrics across the organisation.

Dashboard KQL Queries

// ===============================================================
// AI APP USAGE DASHBOARD - 4 tiles for a Sentinel workbook or
// Defender XDR custom detection dashboard.
// Run each query as a separate tile/visualisation.
// ===============================================================

// ---------------------------------------------------------------
// TILE 1: AI app usage summary by application (last 30 days).
// Shows which AI apps are most popular by session count and user count.
// Sessions = total interactions; Users = distinct people using the app.
// Use a bar chart: X=Application, Y=Users.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(30d)
| where Application has_any ("ChatGPT", "Claude", "Gemini", "Midjourney",
    "Copilot", "Perplexity", "GitHub Copilot")
| summarize Sessions=dcount(SessionId), Users=dcount(AccountId) by Application
| order by Users desc

// ---------------------------------------------------------------
// TILE 2: Daily AI usage trend over 30 days.
// Shows adoption growth or decline. A sharp spike may indicate
// a viral AI tool spreading through a department.
// Use a line chart: X=TimeGenerated (daily), Y=DailyUsers.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(30d)
| where Application has_any ("ChatGPT", "Claude", "Gemini", "Midjourney")
| summarize DailyUsers=dcount(AccountId) by bin(TimeGenerated, 1d)
| order by TimeGenerated asc

// ---------------------------------------------------------------
// TILE 3: Policy violations by policy name and application.
// Shows which DLP/session policies are triggering most often.
// High violation counts may indicate overly broad policies (tune)
// or genuine data protection issues (investigate).
// Use a stacked bar chart: X=PolicyName, Y=Violations, stack by Application.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(30d)
| where ActionType == "PolicyViolation"
| where Application has_any ("ChatGPT", "Claude", "Gemini")
| summarize Violations=count() by PolicyName, Application
| order by Violations desc

// ---------------------------------------------------------------
// TILE 4: Top 10 departments using AI apps.
// Joins CloudAppEvents with IdentityInfo to resolve department names.
// Helps target AI training and governance to the heaviest-using teams.
// Use a horizontal bar chart: X=Users, Y=Department.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(30d)
| where Application has_any ("ChatGPT", "Claude", "Gemini")
| join kind=inner (IdentityInfo | project AccountUPN, Department) on $left.AccountId == $right.AccountUPN
| summarize Users=dcount(AccountId) by Department
| top 10 by Users

Create governance policies that define acceptable use for sanctioned AI applications, including data classification, session duration, and acceptable use cases.

Portal Instructions

1. Navigate to Defender for Cloud Apps > Cloud app catalog
2. For each sanctioned AI app, set governance actions:
   • Microsoft 365 Copilot: Sanctioned, full access with sensitivity label enforcement
   • GitHub Copilot: Sanctioned, code-only access, block proprietary data uploads
   • ChatGPT Enterprise: Sanctioned with restrictions, session policy with DLP
   • ChatGPT Free/Plus: Unsanctioned, blocked at network level
   • Claude/Gemini: Under review, monitor only
3. Create an App policy that automatically tags newly discovered AI apps as Under Review
4. Configure monthly review cadence for AI app catalogue updates

Detect when developers and users connect AI services via OAuth or API integrations that grant access to organisational data.

Portal Instructions

1. Navigate to Defender for Cloud Apps > OAuth apps
2. Filter by app category: Generative AI
3. Review OAuth permissions granted:
   • Does the AI app have Mail.Read or Files.ReadWrite.All?
   • Was consent granted by a user or an admin?
   • What data scopes does the integration access?
4. Revoke OAuth consent for AI apps that have excessive permissions
5. Create an OAuth app policy to alert when new AI apps request high-privilege permissions

KQL: OAuth AI App Consent Monitoring

// ---------------------------------------------------------------
// PURPOSE: Monitor OAuth consent events for AI applications to
//          detect when users or admins grant AI apps access to
//          organisational data (email, files, calendar).
// WHY: A single OAuth consent to a malicious AI app can expose
//      your entire tenant's data. This query surfaces all consent
//      events for AI-related apps so you can review what permissions
//      were granted and by whom.
// OUTPUT COLUMNS:
//   TimeGenerated - when the consent was granted
//   AccountId - which user clicked "Allow"
//   Application - the AI app name
//   ConsentType - "AllPrincipals" (admin consent) or "Principal" (user)
//   Permissions - the scopes granted (e.g. Mail.Read, Files.ReadWrite.All)
// RED FLAGS: Admin consent to unrecognised AI apps; user consent
//   granting Mail.ReadWrite or Files.ReadWrite.All to any AI app.
// ---------------------------------------------------------------
CloudAppEvents
| where TimeGenerated > ago(30d)
| where ActionType == "Consent to application"
| where Application has_any ("ChatGPT", "Claude", "Gemini", "OpenAI",
    "Anthropic", "ai", "copilot")
| project TimeGenerated, AccountId, Application,
    ConsentType=tostring(RawEventData["ConsentType"]),
    Permissions=tostring(RawEventData["Permissions"])
| order by TimeGenerated desc

Generate compliance reports documenting AI app usage, policy violations, and remediation actions for audit and regulatory purposes.

Report Components

1. AI App Inventory: list of all discovered AI applications with risk scores and sanction status
2. Data Exposure Summary: volume and types of sensitive data shared with AI services
3. Policy Violation Log: all DLP and session policy matches with user details and resolution
4. OAuth Consent Audit: applications granted access to organisational data via AI integrations
5. User Risk Report: users with the highest AI-related risk scores from Insider Risk Management
6. Remediation Actions: apps blocked, sessions terminated, users notified, and policies updated

Portal Instructions

1. Navigate to Defender for Cloud Apps > Cloud Discovery > Cloud Discovery dashboard
2. Click Generate report > filter by Generative AI category
3. Export as PDF for compliance team distribution
4. Schedule monthly automated report delivery to the CISO and DPO

Establish a curated catalogue of approved AI tools with usage guidelines, data handling requirements, and acceptable use policies.

Catalogue Framework

1. Define AI app evaluation criteria: data residency, encryption, SOC 2 compliance, GDPR readiness, training data usage policy
2. Create three tiers:
   • Tier 1 (Unrestricted): enterprise-licensed AI tools with data processing agreements (Microsoft 365 Copilot, GitHub Copilot Enterprise)
   • Tier 2 (Restricted): approved with session controls and DLP (ChatGPT Enterprise, selected AI coding tools)
   • Tier 3 (Blocked): consumer-grade AI tools with no enterprise agreements
3. Publish the catalogue on the company intranet with request forms for new AI tool evaluations
4. Configure Defender for Cloud Apps to enforce tier-based access automatically

Establish a recurring governance process to review AI app risks, update policies, and adapt to new AI tools entering the market.

Governance Cadence

1. Weekly: review AI policy violation alerts and investigate high-risk incidents
2. Monthly: review AI app discovery report, evaluate new AI tools, update sanctioned/unsanctioned lists
3. Quarterly: full governance review with stakeholders (Security, Legal, IT, HR, Business units)
4. Create an AI Governance Committee with representatives from each department
5. Document all decisions in a governance register: app evaluations, policy changes, exception approvals

Synthesise all the controls implemented in this lab into a comprehensive AI governance framework that aligns with regulatory requirements and industry best practices.

Framework Components

1. Discovery & Visibility: Cloud Discovery for AI apps, usage dashboards, OAuth monitoring
2. Classification & Labelling: AI app risk scoring, sanctioned/unsanctioned categorisation, tiered catalogue
3. Protection & Prevention: Session policies, DLP, paste blocking, network-level blocks for unsanctioned apps
4. Detection & Response: Bulk transfer alerts, Insider Risk integration, anomaly detection
5. Compliance & Reporting: Automated compliance reports, audit trails, governance register
6. Governance & Oversight: AI Governance Committee, review cadence, exception management

Executive Summary KQL

// ---------------------------------------------------------------
// PURPOSE: Generate an executive-level AI governance summary showing
//          total sessions, unique users, apps used, violations, and
//          the overall violation rate across all AI platforms.
// WHY: Leadership needs a single-number view of AI risk. The violation
//      rate (violations / total sessions * 100) tells you what percentage
//      of AI interactions triggered a DLP or session policy - a key
//      metric for tracking governance effectiveness over time.
// HOW IT WORKS:
//   1. ai_apps: calculates total sessions, unique users, unique apps
//   2. violations: calculates total policy violations and violating users
//   3. Join on a dummy key (d=1) to combine into one summary row
// OUTPUT COLUMNS:
//   TotalSessions - total AI app interactions in 30 days
//   UniqueUsers - distinct employees using AI apps
//   UniqueApps - number of different AI apps in use
//   TotalViolations - DLP/session policy violations triggered
//   UsersViolating - distinct users who triggered at least one violation
//   ViolationRate - percentage of sessions that violated policy
// INTERPRETATION: ViolationRate < 1% = policies working well.
//   ViolationRate > 5% = policies may be too broad (tune) or users
//   need more training on acceptable AI use.
// ---------------------------------------------------------------
let ai_apps = CloudAppEvents
| where TimeGenerated > ago(30d)
| where Application has_any ("ChatGPT", "Claude", "Gemini", "Midjourney", "Copilot")
| summarize TotalSessions=count(), UniqueUsers=dcount(AccountId),
    UniqueApps=dcount(Application);
let violations = CloudAppEvents
| where TimeGenerated > ago(30d)
| where ActionType == "PolicyViolation"
| where Application has_any ("ChatGPT", "Claude", "Gemini")
| summarize TotalViolations=count(), UsersViolating=dcount(AccountId);
ai_apps | extend d=1
| join kind=inner (violations | extend d=1) on d
| project TotalSessions, UniqueUsers, UniqueApps, TotalViolations, UsersViolating,
    ViolationRate=round(TotalViolations*100.0/TotalSessions, 2)

What You Accomplished

• Discovered shadow AI applications across the organisation using Cloud Discovery
• Assessed and categorised AI apps by risk score and compliance posture
• Configured session policies with Conditional Access App Control for AI tools
• Blocked sensitive data uploads and paste operations into AI chat interfaces
• Created DLP policies scoped to AI application categories
• Integrated AI usage signals with Insider Risk Management
• Built AI app usage dashboards and compliance reports
• Established an approved AI app catalogue with tiered access controls
• Designed an enterprise AI governance framework

Next Steps

• Configure Defender for Cloud DSPM for AI to secure Azure-hosted AI workloads
• Implement Purview DSPM for AI for data classification in AI interactions
• Extend session policies to mobile devices using Intune MAM integration
• Present the AI governance framework to the executive leadership team for endorsement