Netwrix, a Frisco, Texas-based cybersecurity vendor specializing in data security and identity governance, today announced a significant expansion of its 1Secure SaaS platform aimed at addressing the rapidly growing challenges of artificial intelligence governance in hybrid Microsoft environments. The new capabilities, unveiled on June 23, 2026, include a conversational AI assistant and automated risk checks that activate within the first hour of deploying Microsoft 365 Copilot, enabling organizations to lock down potential oversharing and compliance gaps before they are exploited.
The launch underscores a pressing need: as Microsoft 365 Copilot becomes more embedded in daily workflows, security teams are struggling to keep pace with the data exposure it introduces. Copilot’s ability to surface and summarize content across emails, documents, Teams chats, and SharePoint sites—while transformative for productivity—can inadvertently expose sensitive information if permissions are not meticulously governed. Netwrix 1Secure’s new AI governance module aims to close this gap by providing real-time visibility and automated remediation across both cloud and on-premises resources.
“Most organizations have no idea how much data Copilot is actually accessing, and manual audits take weeks,” said a company spokesperson in a briefing. “Our hour-one risk checks provide an instant baseline, and the conversational assistant lets security teams ask plain-language questions to dig deeper—no query syntax required.”
The conversational assistant, which appears to be an integrated large language model interface within the 1Secure console, allows administrators to interact with their security posture using natural language. For example, a user could ask, “Show me all files containing financial data that Copilot can access by unprivileged users,” and receive a prioritized list of remediation steps. This feature democratizes the investigation process, lowering the skill barrier for IT generalists who may not be experts in Kusto Query Language or PowerShell scripting.
At the core of the hour-one risk checks is a rapid assessment engine that automatically scans a Microsoft 365 tenant immediately upon activation. It evaluates permissions, sensitivity labels, data classification, and identity configurations to flag overly broad access, missing encryption, and anomalous entitlements that could be exploited via Copilot prompts. The checks extend to hybrid environments by connecting to on-premises Active Directory and file servers, giving a unified view of data at rest and in motion.
Netwrix has long focused on the intersection of identity and data security, and this release integrates its established capabilities—such as user behavior analytics, privilege escalation detection, and data classification—with new AI-specific risk indicators. For instance, the platform now monitors for excessive “Create and manage Microsoft 365 Copilot agents” permissions, which could allow a compromised account to build malicious agents that harvest data without triggering conventional alerts.
Industry analysts note that AI governance is becoming a board-level priority. Gartner predicts that by 2027, 45% of organizations will have experienced at least one material AI-related data breach, driven largely by improper access controls. Microsoft, for its part, has built governance tools into the Purview compliance portal, but many enterprises find them complex to configure and lacking in hybrid visibility. Netwrix 1Secure aims to fill that void with an agentless architecture that can be deployed in minutes.
The platform’s dashboard now includes an “AI Exposure Score” that quantifies risk on a 0–100 scale, similar to Microsoft’s Secure Score, but tailored specifically to data accessed by AI services. This score breaks down into categories such as “Oversharing Risk,” “Sensitive Data at Rest,” and “Unmonitored Identities.” It also provides trend lines to track improvement over time.
One early adopter, a multinational manufacturing firm, reportedly used the hour-one checks to uncover 14,000 items containing proprietary designs that were accessible to Copilot via inherited SharePoint permissions—a finding that “would have taken weeks to surface with manual tools,” according to the company’s CISO.
Beyond the flashy conversational assistant, Netwrix 1Secure’s AI governance module includes a comprehensive policy engine that can automatically remediate problems. For example, administrators can create rules such as: “If any file with a ‘Highly Confidential’ label is accessible by more than 10 users via Copilot, revoke access and notify the data owner.” This closed-loop approach reduces the window of exposure from weeks to minutes.
The new features are fully integrated with Microsoft 365, Azure AD/Entra ID, and on-premises Windows Server environments via lightweight connectors. Netwrix emphasizes that no agent installation is required on endpoints or servers, which simplifies deployment in environments with strict change-control processes.
The Hybrid Challenge: Where Clouds and Server Rooms Collide
The phrase “hybrid Microsoft environment” is not mere marketing fluff. A 2025 ESG survey found that 72% of enterprises still rely on Active Directory as their primary identity backbone, while simultaneously adopting Azure AD for cloud services. This duality creates a fragmented security posture. Permissions set in on-premises AD groups can propagate into Microsoft 365 via Azure AD Connect, meaning a misconfigured on-prem group can inadvertently grant Copilot access to sensitive data stored in SharePoint Online. Traditional cloud access security brokers (CASBs) often miss these connections because they lack deep visibility into on-prem directory structures and file shares.
Netwrix 1Secure’s agent architecture addresses this by deploying lightweight connectors on domain controllers and file servers. These connectors inventory permissions, data classifications, and identity attributes, then map the entire access chain. The new AI governance module extends this mapping to explicitly model how Copilot traverses that chain. For example, it can show the path from an on-prem AD security group, synced to an Azure AD group, which is then assigned to a SharePoint site where files are indexed by Copilot. Such a lineage view is invaluable for auditors and security architects.
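The access chain described above (on-prem AD group, synced cloud group, SharePoint site, file) and the "more than 10 users" rule quoted earlier can be illustrated with a small resolver over constructed data. This is an added example, not Netwrix code or the 1Secure API; every name and structure in it is hypothetical, and it assumes files inherit site permissions and that all access arrives through synced groups.

```python
# Constructed sample data (not from any real tenant); all names are hypothetical.
ONPREM_MEMBERS = {  # on-prem AD group -> direct members (users or nested groups)
    "CORP\\Eng-All": {"CORP\\Eng-Design", "u01", "u02", "u03", "u04", "u05", "u06"},
    "CORP\\Eng-Design": {"u07", "u08", "u09", "u10", "u11", "u12"},
    "CORP\\Finance": {"u20", "u21"},
}
SYNCED = {"CORP\\Eng-All": "entra:Eng-All", "CORP\\Finance": "entra:Finance"}
SITE_GRANTS = {"sites/Designs": {"entra:Eng-All"}, "sites/Ledger": {"entra:Finance"}}
FILES = [  # (path, site, sensitivity label); assumed to inherit site permissions
    ("sites/Designs/turbine.dwg", "sites/Designs", "Highly Confidential"),
    ("sites/Designs/readme.txt", "sites/Designs", "General"),
    ("sites/Ledger/q2.xlsx", "sites/Ledger", "Highly Confidential"),
]

def expand(group, seen=None):
    """Resolve nested on-prem membership down to users, tolerating cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in ONPREM_MEMBERS.get(group, ()):
        users |= expand(member, seen) if member in ONPREM_MEMBERS else {member}
    return users

def lineage(path):
    """Return (on-prem group, synced group, site, users) chains that reach a file."""
    site = next(s for p, s, _ in FILES if p == path)
    cloud_to_onprem = {cloud: onprem for onprem, cloud in SYNCED.items()}
    return [(cloud_to_onprem[g], g, site, expand(cloud_to_onprem[g]))
            for g in sorted(SITE_GRANTS[site]) if g in cloud_to_onprem]

def violations(label="Highly Confidential", max_users=10):
    """Files carrying `label` that more than `max_users` distinct users can reach."""
    flagged = []
    for path, _, file_label in FILES:
        users = set().union(*(u for *_, u in lineage(path)))
        if file_label == label and len(users) > max_users:
            flagged.append((path, len(users)))
    return flagged

if __name__ == "__main__":
    for path, count in violations():
        print(f"{path}: {count} users via", [c[:3] for c in lineage(path)])
```

The nested group `CORP\Eng-Design` is what pushes the design file over the threshold: the group granted on the site lists only six direct users, but twelve users are effective once nesting is resolved.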
Why Hour One Matters
Microsoft 365 Copilot becomes active the moment a license is assigned. There is no “staging” mode where security teams can safely test data exposure. The hour-one risk checks from Netwrix are designed to close that gap by providing a pre-flight assessment that can be run immediately after licensing but before end-users start prompting. According to Netwrix, the checks analyze over 50 risk indicators, including:
- Number of files with “full control” permissions for unauthenticated or external users
- Presence of sensitive data types (PII, PHI, financials) in publicly accessible Teams channels
- Accounts with privileged roles that have not been reviewed in 90 days
- SharePoint sites with unique permissions that override top-level access controls
- On-prem file shares with “Everyone” Read access mapped to Azure files
The output is a prioritized action plan that security teams can tackle in order of potential blast radius. For organizations that have already deployed Copilot, the checks can still be run retroactively to identify existing exposures, but Netwrix emphasizes that pre-deployment scanning yields the greatest risk reduction.
The Conversational Assistant in Depth
The conversational assistant is built on a fine-tuned large language model, securely hosted within Netwrix’s SOC 2 Type II compliant infrastructure. It has been trained on thousands of common security queries and integrates with the 1Secure API to retrieve real-time data. Unlike general-purpose LLMs, it is constrained to the governance context, reducing hallucinations. Users can type or speak natural language requests, and the assistant can perform actions like creating reports, initiating scans, or even walking an admin through a step-by-step remediation.
Early screenshots suggest an interface similar to Microsoft’s own Copilot side panel, with a chat window alongside the main dashboard. Suggested prompts float above the input field, such as “Show me my top 5 data security risks related to AI” or “Generate a report for my compliance officer on Copilot access.” The assistant can also interpret follow-up questions, enabling a dialogue that narrows down root causes.
One of the more innovative aspects is the assistant’s ability to explain technical concepts. For instance, a junior IT staffer might ask, “What is oversharing and why is it a problem for Copilot?” The assistant would provide a concise definition and then link to relevant incidents in the tenant. This educational angle addresses the skills gap that plagues many small and medium-sized IT teams.
Real-World Impact: Reducing Manual Audit Effort
A typical mid-sized enterprise might have 50,000 files across SharePoint, OneDrive, and on-prem file servers, with 200,000 unique permission entries. Manual auditing for Copilot preparedness could take a dedicated person three weeks, according to Netwrix’s internal testing. The hour-one checks complete the same analysis in under 10 minutes. For large enterprises, the time savings are even more dramatic. This speed allows security teams to be more agile, running checks after every major permission change or when new Copilot features are introduced.
Integration with Existing Workflows
Netwrix has ensured that the new capabilities feed into existing incident response and IT service management tools. Alerts generated by the risk checks can be forwarded via syslog or webhook to SIEM solutions like Microsoft Sentinel, Splunk, or ServiceNow. This means security operations centers can incorporate AI governance into their standard playbooks without ripping and replacing existing monitoring infrastructure.
The Regulatory Landscape
The EU AI Act’s high-risk categorization for AI systems used in employment, education, and critical infrastructure decisions means that many Copilot use cases will fall under scrutiny. Organizations must demonstrate that they have conducted risk assessments and implemented appropriate safeguards. Netwrix 1Secure’s automated reporting can output evidence for specific controls, such as data minimization and access limitation. This could become a critical buying criterion for European customers.
Similarly, in the United States, the SEC’s proposed rules on AI risk disclosure would require public companies to detail how they manage AI-related risks. Having a robust governance platform could provide the necessary artifacts to satisfy disclosure requirements.
What’s Next
Netwrix has hinted at a forthcoming feature called “Adaptive AI Governance Policies,” which would use machine learning to analyze user behavior and automatically adjust permissions based on observed patterns. For example, if the system detects that a marketing team rarely accesses financial reports, it could suggest (or optionally automatically implement) removal of those permissions, reducing Copilot’s potential data footprint. This feature is currently in beta and expected by Q4 2026.
In the meantime, the current release is available to all 1Secure customers as an add-on module. A free 30-day trial is offered for organizations that want to test the waters. Netwrix also announced a companion professional services package to help enterprises design comprehensive AI governance policies, suggesting that while the tool is accessible, the broader governance framework still requires human expertise.
Community Reaction
Although the announcement just broke, initial reactions on forums like r/sysadmin and the Microsoft tech community are cautiously optimistic. “Finally, someone is addressing the Copilot data sprawl problem,” wrote one commenter. Another noted, “The conversational assistant sounds gimmicky, but if it saves me from writing KQL queries at 2 a.m., I’m all for it.” Concerns have been raised about cost, but Netwrix has a history of competitive pricing for the SMB market, so expectations are for an affordable tiered model.
Conclusion
Netwrix’s expansion of 1Secure into AI governance marks an inflection point for hybrid Microsoft environments. By combining an hour-one rapid assessment, a natural language assistant, and deep hybrid visibility, the platform demystifies the often opaque world of Copilot data access. For Windows administrators and IT leaders, it’s a tool that promises to reduce risk without adding operational burden. As AI becomes more embedded in the enterprise, such proactive governance will not be a luxury but a necessity.