Home » Tech Translated — IT Blog for Australian Businesses | All IT Services » Claude Is Probably Already in Your Business. Is It Set Up Safely?
By |

Right now, there is a good chance someone in your business is copying company information into a free Claude account. It might be a technician summarising a ticket, a manager drafting a proposal, or an employee who discovered the tool, found it genuinely useful, and started pasting in client documents the same afternoon. They are not doing anything malicious. They simply saw a capable tool and got to work.

The question is no longer whether Claude is in your environment. It already is. The real question is whether it is set up safely, and right now for most businesses the honest answer is no.

What is quietly happening today

On a free or personal Claude plan, the default privacy settings can allow your conversations to be retained for up to five years and used to train the AI model. Many people opted into this without realising, simply by clicking through the setup prompt. That means the client data, financials, and internal documents your staff paste in could be sitting well outside your control.

There is a second exposure that is easy to miss. Inside Claude, a single user can connect the tool to Microsoft 365 with a couple of clicks. Once connected, Claude can read that person's Outlook, SharePoint, OneDrive, and Teams data. On a personal account this can happen with no IT approval and no record you would notice, leaving a connection into your business that nobody signed off on. A paid personal plan can also add Claude directly inside Excel, which slips past the usual software install controls because nothing is actually downloaded.

None of this shows up on a normal security report. It looks like business as usual, while your data quietly leaves the building.

The plan you are on decides how protected you are

Not every Claude plan offers the same protection, and the difference is significant.

  • Free, Pro, and Max (consumer plans) Your data can be used to train the model, retention can stretch to five years, and there are no admin controls, no visibility, and no audit logging. These plans are not suitable for company or client data.
  • Team plan Your data is never used for training, full stop. You get admin control over connectors, a usage dashboard, the ability to require approval before staff connect outside tools, and single sign-on. This is the realistic minimum for any business using Claude with real data.
  • Enterprise plan Everything in Team, plus automated user provisioning, the ability to export logs into your security tools, a data processing agreement, and recognised certifications including SOC 2 Type II and ISO 27001. This suits regulated businesses or those with stricter compliance needs.

What a proper setup actually delivers

Done correctly, Claude stops being a hidden risk and becomes a tool you can hand your team with confidence. A proper setup means your data stays yours and is never used to train anyone's model. Staff can safely use Claude against your Microsoft 365 environment, with access limited to exactly what each person is already allowed to see. You can finally see who is using AI and how, instead of guessing. And you keep the productivity benefit your people clearly want, without the compliance headache hanging over it.

The setup itself is a defined process. We find and shut down any unauthorised connections already sitting in your Microsoft 365 tenant, move your team onto the right commercial plan, connect Microsoft 365 the secure, admin-approved way, and tune the permissions so each tool is allowed, restricted, or blocked to suit how you work.

What it costs

The figures below are indicative and give you a realistic sense of the investment. We will confirm exact numbers once we have looked at your environment.

  • Licensing (Team plan) Roughly AU$30 to AU$45 per user each month, with a minimum of five users. Choosing annual billing brings the per-user cost down.
  • Licensing (Enterprise plan) Higher per user and quoted to suit. Generally worth considering once you are above around 20 users or have compliance and data residency requirements.
  • Setup and onboarding A one-off engagement from around AU$1,500, scaling with the size of your tenant and the number of users to migrate and secure.

For most small and medium businesses, that is a modest, predictable cost to close a real data gap and give your team a tool they will use every day.

Find out where you stand

If your team is using Claude, or you are not sure whether they are, that uncertainty is the problem worth solving first. We can check your Microsoft 365 environment for unauthorised AI connections, show you exactly what is happening, and set you up properly on a plan that protects your data.

Get in touch with All IT Services and we will scope a secure Claude setup for your business.

Frequently Asked Questions

Can my staff use Claude on a free plan for work tasks?

Technically yes, but it carries real risk. On a free plan, conversations can be retained for up to five years and used to train the AI model. Any client data, financials, or internal documents pasted in could sit outside your control. For anything involving company or client information, a free plan is not appropriate.

How do I know if my staff have already connected Claude to Microsoft 365?

It does not show up on a standard security report. The connection happens at the individual user level, often without any IT record. An audit of your Microsoft 365 tenant's OAuth connections will surface any Claude integrations. This is part of the environment check we run before any setup engagement.

What is the difference between the Claude Team and Enterprise plans?

Both prevent your data from being used to train the model. Team adds admin controls, a usage dashboard, connector approval, and single sign-on. Enterprise adds automated provisioning, log export into your security tools, a data processing agreement, and compliance certifications including SOC 2 Type II and ISO 27001. Enterprise is generally worth considering above 20 users or where regulatory requirements apply.

Does moving to a Team or Enterprise plan stop the data risk immediately?

The plan change stops future data from being used for training. But unauthorised connections that already exist in your Microsoft 365 tenant need to be found and removed separately. That is why the setup process starts with an audit, not just a licence upgrade.

Is this only relevant for businesses using Microsoft 365?

The Microsoft 365 connection risk is specific to businesses running that environment, but the data retention and training risk applies to any business whose staff use free or personal Claude plans. If your team uses Claude with any company or client information, the plan question is relevant regardless of your productivity stack.

All IT Services helps businesses across Australia set up Claude safely: auditing existing connections, moving teams to the right plan, and securing Microsoft 365 integrations end to end.

Posted in Uncategorized

About All IT Services

We’re a leading IT specialist providing premium services and support to businesses across Australia’s eastern seaboard. Our strength lies in our size – big enough to tackle complex projects yet small enough to pick up the phone when you call.  At All IT Services, our approach is refreshingly straightforward - no endless wait times or tech jargon. Just real people with genuine passion and expertise in IT solutions.

CONTACT US