There’s a reason Nerdio went deep in the Microsoft cloud. It’s the same reason N-able’s new breach prevention product targets Microsoft 365 and why so many cloud-to-cloud backup products support Microsoft 365, maybe Google Workspace, and not much else.

A lot of businesses run Microsoft 365. Microsoft was north of 400 million paid Office 365 seats a year ago, and is presumably pushing half a billion by now. Supporting all those users is easily the biggest SaaS-related revenue opportunity for MSPs today.

And yet not the only one. I’m writing this post on a Microsoft 365 app, but have Trello, Notion, Zoom, and a couple of different Zoho solutions purring quietly in the background as I do so. You’re undoubtedly in and out of Slack, Salesforce, HubSpot, and other non-Microsoft SaaS apps all day too.

If you’re an MSP, your customers are using those and similar systems as well. The only question is whether they—or you—know about it. Shadow IT has been a problem in technology for a long time, but it’s become endemic in the age of SaaS and smartphones.

And extra endemic, it seems, in the age of AI. Half of employees surveyed by Software AG last year admitted to using unauthorized, bring-your-own-AI at work.

Aggregated, anonymized data shared with me by network and SaaS management vendor Auvik this week makes the phenomenon a little easier to see. I don’t know how much of the time people spend in DeepSeek at work is authorized at present, but I can safely say none of it was late in January when the world first encountered the Chinese genAI service. And yet just in that initial headline-grabbing week, there was a lot of DeepSeek traffic crossing corporate networks.

There’s a lot of ChatGPT traffic flowing around businesses these days too. The OpenAI service jumped from 28^th place to 13^th in Auvik’s active SaaS usage rankings just between January and March this year.

“That means it’s more used than something like an Atlassian, a Smartsheet, an Amazon Web Services,” notes John Harden, Auvik’s director of strategy and technology evangelism. “I don’t know if I can find an entire environment at this point that doesn’t have AI somewhere amongst the ranks of tools being used.”

A lot of those tools dwell in the shadows, moreover, a disturbing fact with like-it-or-not implications for MSPs.

“This is a place where MSPs are going to have to focus,” Harden (pictured) says. “Customers are shifting their workload into using AI, and they really don’t have visibility into it.”

Which means they don’t know how often data leakage and compliance violations, among other issues, are occurring either. Harden sees a silver lining in that for Auvik and other makers of SaaS management software for MSPs.

“For years and years and years, we’ve been pushing down this story,” he says. “SaaS management is going to be a table stake of the industry.” AI could be the issue that brings that prediction to life.

“This might be the water that breaks the dam for MSPs to say, ‘it really matters what SaaS is in our customers’ landscape. We really have to get this thing under control.’”

Which they can’t do, Harden maintains, using RMM software alone. “The core thing that RMMs tell you is what software’s being used and installed on the device,” he says. “SaaS management platforms tell you what is being used in the browser and in the cloud.”

Some of which might be ferrying data to China.