Sanctioned and shadow. Without an inventory, AI data-boundary controls are theoretical — you can't bound exposure for tools you don't know are in use.
Tenant-level controls on M365 Copilot / Google Gemini / Adobe Express AI / other sanctioned AI products. The single highest-leverage technical control in this sub-domain — once enforced, district inputs no longer feed vendor model training.
Hard finding · AI training opt-out not enforced
Without tenant-level training opt-out enforced across sanctioned AI tools, district data — including student inputs — may be retained for vendor model training. This is the highest-leverage technical control in the sub-domain; resolve before scoping anything else.
Who can use which AI tools, with which data class. Different from Cyber IAM (which controls access generally) — this asks specifically about AI-tool access scope and data-sensitivity gating.
AI capabilities change month-to-month — new copilots, new data-handling defaults, new agent surfaces. Static inventory becomes stale fast; review cadence keeps controls current.