🛡️ Shadow AI to Managed AI: Implementing Governance for Autonomous Agents | Guardians of M365 Governance Ep. 28Your employees are already building autonomous AI agents — just not inside your tenant. In Episode 28, MVPs Christian Buckley (@buckleyplanet), Joy Apple (@JoyOfSharePoint), and Ragnar Heil (@RagnarH) welcome fellow MVP and Microsoft Cloud IT Pro podcast host Ben Stegink to tackle one of the toughest challenges in Microsoft 365 today: how to govern autonomous AI agents without killing innovation.We dig into the real tension behind Shadow AI: the harder you lock things down, the more users push toward unsupported tools. The same lesson the SharePoint community learned a decade ago is back — but amplified by Copilot, Claude, ChatGPT, and an explosion of MCP servers. Where do you draw the line between supported, allowed, and blocked?This conversation is packed with practical patterns: Quality Gates for agent approval, Agent 365 and Purview DSPM for AI, sandboxing strategies for open-source agents like Claude Code, and why the answer is almost never technological — it's conversational.━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━🔑 KEY TAKEAWAYS━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━✅ Why "supported vs. allowed" is the most important governance distinction in 2026✅ The 6-question Quality Gate every autonomous agent approval needs✅ How to sandbox open-source AI agents safely (Ragnar's HP ZX Nano + Nemo Claude setup)✅ Agent 365 (GA May 1) — treating agents like users with DLP and Conditional Access✅ When to choose Copilot vs. Claude vs. ChatGPT — and how to keep confidential data inside the right boundary✅ Why Microsoft Defender for Cloud + open dialogue beats blanket bans━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━⏱️ TIMESTAMPS━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━00:00 Welcome & catching up02:05 Episode 28 intro — Shadow AI to Managed AI02:44 Welcome guest Ben Stegink (MVP, Microsoft Cloud IT Pro podcast)04:15 Hardware recommendations: Elgato, Logitech, Stream Deck MCP06:20 The hype curve vs. practical reality of AI07:43 First agent everyone builds: the daily digest agent09:00 Why Notion + Claude beats native M365 for many use cases11:25 The demo gap: smoke, mirrors, and licensing reality12:00 Supported vs. Allowed — the critical IT distinction13:50 Why Claude Code with full filesystem access scares enterprises14:41 Ragnar's Nemo Claude sandbox setup (HP ZX Nano, NVIDIA, isolated endpoints)17:30 Lockdown vs. usability — the eternal governance trade-off18:31 The Yammer parallel: lessons from the SharePoint cloud transition20:50 Why provisioning is easy — Quality Gates are the real work22:35 Data sensitivity and autonomous agents24:12 Agent 365: treating AI agents like users with DLP and Conditional Access26:15 Risk vs. reward: blocking data the agent might actually need27:25 Copilot vs. Claude — the security moat conversation30:25 Ragnar's separation strategy: Copilot for work, Claude for personal31:55 Memory as the new AI productivity differentiator32:30 Ben's hybrid setup with Asana, Notion, and multiple calendars34:14 PowerShell and Python scripting — where Claude excels35:25 Why Claude beats Copilot for document and PowerPoint formatting38:09 Bringing it back to governance: handling NDA and confidential content38:50 Purview DSPM for AI — the auditable middle ground39:30 Joy's call: make IT a safe space for business conversations41:30 Why "the department of no" pushes innovation into the shadows42:10 Microsoft Defender for Cloud — visibility into Shadow AI usage43:20 Rain O'Neal's wisdom: "Don't be the CIO" (CI-No)43:45 Wrap-up and closing thoughts━━━━━━━━━━━━━━━━━━━━━━━━━━━━🟦 Christian Buckley (@buckleyplanet)▸ Blog: https://buckleyplanet.com▸ X: https://x.com/buckleyplanet▸ LinkedIn:   / cbuck  🟪 Joy Apple (@JoyOfSharePoint)▸ X: https://x.com/joyofsharepoint🟧 Ragnar Heil (@RagnarH)▸ Blog: https://ragnarheil.de▸ X: https://x.com/ragnarh▸ LinkedIn:   / ragnarheil