Q&A: Christian Nagele, chief strategy officer, Inforcer

Why is AI transforming the market and what does this mean for MSPs?

In the past year, demand for AI has skyrocketed, with 75% of small and medium-sized enterprises (SMEs) already experimenting with AI, with high-growth SMEs showing an even higher rate of AI adoption (83%). This demand comes as no surprise – the productivity potential of AI is well-known. According to Microsoft, 70% of employees say they would delegate as much work as possible to AI if it meant lightening their workload.

Demand is only set to increase, as Microsoft is making it easier for SMEs to access and utilise Copilot. In December, it launched Microsoft 365 Copilot Business, a version of Copilot designed to allow businesses with fewer than 300 users to access the powerful abilities of Copilot at a price point more suitable for SMEs. It bundled Copilot Business into existing Microsoft 365 Business plans to simplify purchasing and is running promotions throughout the first quarter of 2026 to make Copilot more accessible.

Copilot Chat, a chatbot version of Copilot that cannot access organisational data, is also available for free. The result is that more SMEs will be able to start using Copilot and turn to their MSPs for advice, support and enablement.

In the current climate, MSPs cannot ignore the progression of AI. Creating and productising AI services must be top of mind for every MSP, or they will risk losing out on a range of potential customers and revenue opportunities. The scope of the opportunity isn’t lost on MSPs either – 92% of MSPs say their business growth is already being driven by an increased interest in AI.

However, as more intimidating terms like managed intelligence and agentic AI are increasingly thrown around, the response of many MSPs has been to bury their heads in the sand. This is because most MSPs are unsure how to productise AI services, and lack the enablement and tooling needed to allow them to deliver these services at scale.

MSPs looking to capitalise on the AI opportunity need to lay the foundations now. This doesn’t mean immediately overhauling their service offerings, it means creating a strategic and realistic plan for Copilot Readiness and enablement services. Focus on securing the Microsoft 365 tenant, establishing strong data governance and identifying opportunities and use cases for roll out within your customer base.

What are the evolving risks and opportunities, from contractual pitfalls to new revenue streams?

Shadow AI, the unregulated use of AI tools in business, remains one of the most significant risks associated with AI. Today, anyone can create an account on a GenAI platform and input potentially sensitive business information. This could result in data breaches, legal repercussions, and financial and reputational damage.

This issue is already widespread, with 98% of employees are using unsanctioned apps – including shadow AI – at work, and 90% of companies have reported regular use of personal AI tools for work tasks.

MSPs face dangers from this too. SMEs have inherent trust that their MSP will manage their cyber security and prevent breaches. If an SME experiences a breach as a result of shadow AI, their MSP risks losing their trust – and their revenue.

MSPs need to actively educate their customers on the dangers of shadow AI and how they can utilise AI safely. Encouraging customers to use Copilot as their AI tool of choice helps to mitigate this risk, as Copilot is an isolated instance of AI per business, minimising the chance of a data leak.

Of course, to use Copilot safely, the Microsoft 365 tenant must be secured, and the data contained within it must be properly orchestrated and governed – enter the MSP. The inherent risk of shadow AI and data breaches creates the opportunity to unlock new revenue streams centred around Copilot readiness services and AI enablement.

What does true AI readiness look like, including technical, security and data governance considerations?

For MSPs, AI readiness starts with understanding whether customers are mature enough to benefit from AI. MSPs need to understand what their customers are hoping to achieve with AI, and whether there is a realistic business case for roll out.

It’s crucial to analyse customer data environments to ascertain whether they have high-quality, readily available and accessible data to make effective use of AI tools. If data is scattered inconsistently both in and outside of Microsoft 365 environments, for example, then it will need to be gathered, formatted consistently and consolidated before they will benefit from Copilot adoption. MSPs can then start to identify power users within Microsoft 365, and pilot adoption with those who will benefit most immediately within an organisation.

Tenant security and data governance must also be considered as a fundamental part of AI readiness. Before anything else, MSPs should conduct a risk assessment auditing existing Microsoft 365 security policies and remediate where issues are identified. They then need to clearly define purposes, rules and role assignments for Microsoft 365 workspaces, review permissions and strengthen data access controls, and apply sensitivity labels and conditional access policies to protect confidential data. 

What are the legal and compliance risks of shadow AI, including GDPR, data leakage and reputational damage?

As AI has become ubiquitous, shadow AI has become a growing problem for all companies and industries, with employees often accessing AI tools without their employer’s knowledge. This is a huge concern for organisations that may not be aware of how or where data and intellectual property is being shared or used. Employees could either knowingly or unknowingly leak business critical information or data, potentially breaking confidentiality clauses owing to lack of understanding about the content they’re working with.

What are the practical controls and policies to safeguard your clients and your business?

Data loss prevention (DLP) policies are a key part of AI readiness and security. These prevent sensitive data from leaving trusted domains, block external sharing, printing, copying and uploads to unauthorised apps, and ensure compliance with regulatory requirement and internal governance standards.

Multi-factor authentication, conditional access policies and sensitivity labels also help to organise and protect sensitive data, ensuring only authorised users can access sensitive information when using Copilot.