Gfacility

← Back to blog

AI

Adopting AI with sign-off from the IT department

Using AI at work without IT hitting the brakes calls for governance, not bans. Here is how to combine adoption and control with AI Workers.

June 25, 2026 · 5 min read
AI

Adopting AI with sign-off from the IT department

You adopt AI at work with sign-off from the IT department by treating AI not as a stray little chatbot, but as a colleague you onboard, and by arranging governance up front instead of after the fact. Choose AI that runs inside your existing Microsoft 365 or Google Workspace environment, define which data the AI may see and what it may do, and bring IT to the table from day one. Then AI is not shadow IT sneaking past the department, but a controlled layer your people actually use, one that takes on work that would otherwise be left undone.

Why is AI standing still while everyone is talking about it?

AI took off because it was accessible: suddenly anyone could have their emails written and save time doing it. But AI is far more than writing emails. The step organisations find hard is turning AI from a loose tool into a colleague that genuinely takes on tasks. That is exactly where it often stalls. And this is happening while two things sit on the plate of every facility and IT manager: rising cost pressure and rising quality demands, with shrinking budgets and staff who are hard to find. AI is not hype and it does not replace people; it takes over administrative work so your team can focus on what it was hired for. The fear that AI takes away jobs then turns into something more sober: the work changes, and anyone who thinks it has no impact on their role is underestimating it.

Why does the IT department often slow AI down?

IT rarely says no to AI as such. IT says no to unknown data processing. A loose AI tool that reads documents, calendars and tickets is an open question for a security team: where does the data go, who trains on it, and what happens during an incident? Without an answer, a ban is the safest answer. So the fault does not lie with IT, but with tools that treat governance as an afterthought.

What is shadow AI and why is it a risk?

Shadow AI is AI that employees deploy themselves, out of IT’s sight, often through free consumer accounts. It appears precisely when the official route is too slow. The risk is not the AI itself, but the lack of visibility: company data in an external tool with no data processing agreement, no logging, no way to revoke access when someone leaves. A ban does not solve this, because it only pushes the use further into the shadows.

How do you get AI past the IT department? Governance before use

The winning approach reverses the order: arrange the governance before the AI goes live, not as a separate audit afterwards. Four concrete steps that win an IT department over:

  • Work within the existing identity and permissions (SSO, Microsoft 365 or Google Workspace), so AI never sees more than the user is allowed to see.
  • Define per use case which data the AI consults and which actions it may perform.
  • Keep an audit trail: every AI action is traceable to a user, a ticket and a timestamp.
  • Start small with a bounded use case, measure the result, and only expand once IT is watching along.

This is also the difference between three separate tools and a platform. On an enterprise service management engine, every AI action inherits the same login, permissions and logging that are already there, instead of a new data silo per tool.

How do you convince the IT department? Build a business case and bring IT in early

Arranging governance is half of it; the other half is running the conversation with IT well. The mistake organisations make is bringing IT in only once the tool has already been chosen. Do it the other way around: tell them at an early stage what you are working on and what it should deliver. IT will then look into whether something already exists, how to avoid duplication and what fits the existing landscape, because a security team wants a simple landscape, not a sprawl of systems.

Back it up with a business case. Every new step comes with risk and cold feet; the argument holds the moment the return outweighs the risk. And you do not do it alone: for security you need IT, for budgets finance, and for quality others again. A decision that is good for the whole organisation, not just for your department or for IT, calls for that broader representation at the table.

What role do autonomous AI Workers play here?

The difference between AI talk and AI that finishes the work lies in autonomy within limits. At Gfacility, AI Workers for IT management triage, route and close tickets within the platform, not as a suggestion for the human but as an action. Crucially, an AI Worker only does what it is allowed to do within the system. It does not reach into another system; resetting a password in the identity provider stays human work. That boundary is exactly what an IT department wants to see: autonomy where it is safe, a human where it must be.

How do you start? With the problem, small, with an owner

Do not start with the tool but with the problem: where do you lose the most time on work that adds the least value? That is almost always administrative tasks. Map out where the biggest waste sits and test small there. Put an owner on it who drives it and becomes the point of contact, instead of letting everyone experiment loose. Treat the AI like a new colleague: you onboard it, you adjust it and you share what is not yet going well. Start fast and small within a framework where the risk is contained, because you only learn how it works by using it.

Shadow AI versus AI with IT approval

AspectShadow AIAI with IT approval
DataCompany data in external consumer accountsWithin your own Microsoft 365 or Workspace environment
AccessCannot be revoked when someone leavesFollows SSO and existing permissions
VisibilityNo loggingAudit trail per action
AccountabilityWith the individual employeeWith IT, with clear limits

Listen to SWP Talks #73

This topic was at the heart of SWP Talks #73 from Smart Workplace (25 June 2026): “How do you tap the full potential of AI with sign-off from the IT department”. You can listen to the episode on Spotify.

Frequently asked questions

May AI process company data without IT approval? +

No. AI that reads company data should sit within IT's framework: a data processing agreement, documented data handling and revocable access. AI that runs inside your existing Microsoft 365 or Google Workspace environment stays within that framework because it inherits the existing permissions and logging.

How do you prevent shadow AI? +

By making the official route faster than the workaround. Shadow AI appears when employees have no approved alternative. Offer a controlled AI layer inside the tools they already use, and the incentive to go around IT disappears.

What is the difference between AI assistance and autonomous AI Workers? +

AI assistance makes suggestions that a person still has to carry out. Autonomous AI Workers perform bounded actions themselves, such as triaging, routing or closing a ticket, within the limits you set. Actions that reach into another system stay human work.

Does IT keep control when AI acts on its own? +

Yes, provided every action is traceable. An audit trail that links each AI action to a user, a ticket and a timestamp gives IT the same control as with human actions, plus the ability to adjust the limits per use case.