Listen to this Post
Introduction:
Shadow AI refers to unauthorized or unmanaged AI tools and agents running on corporate devices, creating significant data leakage and compliance risks. Microsoft Intune’s new “A365 – Monitor OpenClaw” policy, automatically generated when enabling Shadow AI detection in Agent 365, uses a read‑only Settings Catalog node called Local AI Agent to inventory AI agents on managed Windows machines without deploying any configuration changes.
Learning Objectives:
- Understand how to enable Agent 365’s Shadow AI detection and trigger the automatic creation of the A365 Monitor OpenClaw policy.
- Learn to interpret the nine specific properties collected by the policy, including agent name, version, execution context, and installation scope.
- Gain hands‑on skills to manually enumerate local AI agents using PowerShell and the Intune Management Extension (IME), plus methods to audit, block, or mitigate shadow AI risks.
- Enabling Shadow AI Detection in Agent 365 (Step‑by‑Step)
The A365‑Monitor OpenClaw policy activates only after you turn on continuous detection for managed devices. Follow these steps in Microsoft Intune:
- Access Agent 365 – In the Microsoft Intune admin center, navigate to Endpoint security → Agent 365 (or search for “Agent 365” under Devices > Configuration).
- Enable Shadow AI – Locate the Shadow AI blade. Toggle Continuously detect managed devices to On.
- Confirm Policy Creation – Within 5–10 minutes, Intune automatically creates a new device configuration profile:
`Devices` → `Configuration` → `A365 – Monitor OpenClaw`.
- Review the Profile – Click on the policy. Under Properties, note the Settings Catalog node called Local AI Agent. Unlike typical configuration profiles, this is a Properties catalog profile – it reads telemetry only and does not alter registry or file settings.
⚠️ The policy deploys via the Intune Management Extension (IME) to all Windows devices in the assigned groups. No user interaction is required, and there is no performance impact beyond the daily inventory scan.
- Understanding the A365 – Monitor OpenClaw Policy Properties
The policy collects nine specific data points from each detected AI agent. This information is sent to the Microsoft Intune console and can be exported or queried via Graph API.
| Property | Description | Example |
|-|-||
| Agent Name | Canonical identifier for the AI agent type | ollama, llama.cpp, `text-generation-webui` |
| Agent Version | Version string of the agent | `0.1.48` |
| Host Process | Parent process executing the agent | ollama.exe, `python.exe` |
| Install Location | Filesystem path to the agent | `C:\Users\jdoe\AppData\Local\ollama` |
| Install Scope | `Per-user` vs `Per-machine` | `Per-user` |
| Install Scope Platform User ID | Windows SID of the installing user | `S-1-5-21-…` |
| Install Scope User ID | Entra ID user identifier (object ID) | `a1b2c3d4-…` |
| Local AI Agent Execution Context | Privilege level | user, elevated, `SYSTEM` |
| Last Detection Time | Timestamp of the scan (every 24h) | `2025-04-03T14:22:10Z` |
All collected data resides within the Intune Discover section (preview). To view raw results, go to `Devices` → `Monitor` → `Discovered apps` (filter by “AI Agent”).
- Manual Inspection of Local AI Agents Using PowerShell (IME and Registry)
While Intune automates collection, security teams may want to verify findings or scan non‑managed devices. Use these PowerShell commands to replicate the OpenClaw logic manually on any Windows machine.
Discover AI Agent Installations via Common Paths
Scan known shadow AI install directories
$paths = @(
"$env:LOCALAPPDATA\ollama",
"$env:APPDATA\ollama",
"$env:LOCALAPPDATA\llama.cpp",
"$env:ProgramFiles\Ollama",
"$env:LOCALAPPDATA\lm-studio",
"$env:USERPROFILE.cache\huggingface"
)
$paths | ForEach-Object {
if (Test-Path $<em>) {
Write-Host "Found: $</em>" -ForegroundColor Green
Get-ChildItem $_ -Filter .exe -Recurse -ErrorAction SilentlyContinue | Select-Object FullName, VersionInfo
}
}
Enumerate Running AI‑Related Processes and Their Execution Context
Get-Process | Where-Object { $<em>.ProcessName -match "ollama|llama|text-generation|python|node" } |
Select-Object Name, Id, @{Name='User';Expression={(Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($</em>.Id)").GetOwner().User}}
Query the Intune Management Extension (IME) Logs for AI Agent Detection
The IME logs all inventory actions in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs. Filter for “Local AI Agent”:
Get-ChildItem "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.log" | Select-String "Local AI Agent" -Context 2
- Automating Shadow AI Audits with Microsoft Graph API (API Security)
For enterprise‑wide reporting, use the Microsoft Graph API to extract OpenClaw policy findings. This requires an app registration with `DeviceManagementConfiguration.Read.All` and `DeviceManagementManagedDevices.Read.All` permissions.
PowerShell: Query Devices with Detected AI Agents
$uri = "https://graph.microsoft.com/beta/deviceManagement/detectedApps?`$filter=displayName%20eq%20'Local%20AI%20Agent'&`$expand=managedDevices"
$result = Invoke-MgGraphRequest -Uri $uri -Method Get
$result.value | ForEach-Object {
[bash]@{
DeviceName = $<em>.managedDevices.deviceName
AgentName = $</em>.properties.agentName
Version = $<em>.properties.version
Context = $</em>.properties.executionContext
}
}
Linux Alternative: Detecting Local AI Agents (for Cross‑Platform Environments)
Although the A365 policy is Windows‑only, security teams can use these Linux commands to find shadow AI agents on Ubuntu/RHEL:
Find Ollama, Llama.cpp, or Hugging Face instances ps aux | grep -E "ollama|llama|text-generation" | grep -v grep find /home -name "ollama" -o -name "llama.cpp" 2>/dev/null systemctl list-units --type=service | grep -i llama
- Hardening and Mitigation: Block Shadow AI with AppLocker and Defender
Once shadow AI agents are detected, take action to prevent unauthorized executables.
Create Intune Remediation Script to Kill and Quarantine Unapproved AI Agents
Remediation: Detect and block ollama.exe if not approved
$blockList = @("ollama.exe", "llama-server.exe", "text-generation-webui.exe")
$processes = Get-Process | Where-Object { $blockList -contains $_.ProcessName }
foreach ($p in $processes) {
Stop-Process -Id $p.Id -Force
Write-Host "Terminated $($p.ProcessName) (PID $($p.Id))"
}
Add to AppLocker deny rule (if configured)
Windows Defender Attack Surface Reduction (ASR) Rule to Block AI Execution
Deploy via Intune: `Endpoint security` → `Attack surface reduction` → Create rule:
– GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` (Block executable files from running unless they meet a prevalence, age, or trusted list criterion)
– Add custom paths: %USERPROFILE%\AppData\Local\ollama\.exe, `%APPDATA%\llama.cpp\.exe`
Cloud Hardening: Restrict AI Model Downloads via Network Filtering
Use Azure Firewall or Microsoft Defender for Cloud to block known shadow AI repositories:
Blocklist for model caches and download endpoints ollama.com huggingface.co (specific model paths) github.com/jmorganca/ollama (release assets)
- Exploiting the 24‑Hour Refresh Gap – Red Team Perspective
The OpenClaw policy refreshes every 24 hours. This window allows an attacker to deploy a malicious AI agent, execute it, and remove traces before the next scan. Simulate this attack to validate detection:
Attacker on compromised Windows (Cobalt Strike / Meterpreter) Step 1: Deploy a fake "AI agent" (e.g., mimic ollama.exe) copy C:\Windows\System32\calc.exe C:\Users\Public\ollama.exe Step 2: Run it with user context start C:\Users\Public\ollama.exe Step 3: Wait 23 hours, then delete the executable and logs del C:\Users\Public\ollama.exe ; wevtutil cl "Microsoft-Windows-Sysmon/Operational"
Mitigation – Reduce the refresh cadence by forcing Intune sync on critical devices:
Force Intune Management Extension sync Get-Service -Name "IntuneManagementExtension" | Restart-Service Start-Process "C:\Program Files\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "/sync"
What Undercode Say:
- Key Takeaway 1: The A365 – Monitor OpenClaw policy is a game changer for shadow AI visibility, but its 24‑hour refresh cycle leaves a detection gap that red teams can abuse—organizations must supplement with real‑time EDR rules.
- Key Takeaway 2: Because the policy uses a read‑only Properties catalog, it is safe to deploy enterprise‑wide, yet the nine collected properties (especially execution context and SID) give defenders precise attribution to users running unapproved AI tools.
The rise of locally executed generative AI (Ollama, LLaMA.cpp, GPT4All) creates a new blind spot: traffic may not leave the endpoint, bypassing traditional web proxies. Microsoft’s approach—inventory via IME—is necessary but insufficient. Forward‑looking teams should combine this with AI‑specific ASR rules, process creation auditing (Sysmon event ID 1), and user education on approved AI sandboxes. The OpenClaw name (a play on “open claw” vs. “OpenClaw”?) suggests a defensive posture that “claws back” control over shadow AI—but true security demands closing the 24‑hour window with automated remediation.
Prediction:
Within 12 months, Microsoft will reduce the refresh cadence to near‑real‑time (every 5 minutes) by integrating Agent 365 with Microsoft Defender for Endpoint’s live response sensors. Additionally, expect Graph API endpoints for OpenClaw data to expose “first seen” and “last seen” timestamps, enabling automated playbooks that quarantine devices running blacklisted AI agents within minutes. Shadow AI detection will become a standard compliance control in ISO 27001:2026 and NIST AI RMF 2.0, forcing every Intune‑managed enterprise to enable this policy or fail audits. Simultaneously, adversarial AI agents will begin mimicking legitimate system processes (e.g., svchost.exe) to evade the Local AI Agent inventory—kicking off an arms race between Microsoft’s agent fingerprinting and AI‑driven malware.
▶️ Related Video (72% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Derkvanderwoude Bbtg – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
