Artificial Intelligence (AI) _ Microsoft 365 - Approved Applications
Summary
This article outlines the approved artificial intelligence (AI) applications and their designated uses within Indiana Wesleyan University.
An approved list of applications is necessary to:
- Protect Sensitive Data: Ensuring that all applications handling sensitive data meet stringent security standards.
- Maintain Compliance: Adhering to legal and regulatory obligations to avoid penalties and legal issues.
- Ensure Consistency and Efficiency: Standardizing applications for better support, training, and resource utilization.
- Safeguard the University's Reputation: Preventing incidents that could damage trust and credibility.
Compliance with University Policies
When considering the purchase of AI applications for IWU Protected or Sensitive data, please remember to refer to the approval policies:
- Artificial Intelligence Application Use Policy
- SaaS, Hardware, Cloud Hosting and Software Procurement Policy
Approved AI Applications
The following applications have been reviewed by the Information Security Office and IT. The approval designations are as follows:
- Approved for Testing: This application is currently undergoing testing. If you are interested in the application or wish to obtain context regarding the use case being tested, please contact the owner. Please note that this is a temporary approval status.
- Approved - Production: Production licenses have been deployed. This application is approved for general use and can be accessed via a license from the IWU owner.
| AI Application | IWU Owner | IWU Owner Email | Information | Status |
| Abnormal Security | Michael Madl (ISO) | michael.madl@indwes.edu | Abnormal Security's AI platform enhances email security by combining behavioral analysis, machine learning, and natural language processing to detect and prevent sophisticated phishing attacks. By understanding the unique communication patterns within an organization, it effectively identifies anomalies and potential threats, providing a critical layer of defense against cybercriminals targeting email systems. https://abnormalsecurity.com/ |
Approved - Production (June 24') |
| Axio.ai | Jon Sampson (Enterprises & Partnerships) | jon.sampson@indwes.edu |
Axio.ai provides Indiana Wesleyan University’s Talent Ladder program with an AI-native educational platform designed to support personalized career upskilling. The platform uses generative AI for rapid course creation, adaptive learning paths, and interactive learning experiences, while also deploying AI agents to guide students throughout their educational journey. This system enables IWU to offer scalable, 24/7 personalized support and streamlined operations, all while maintaining compliance with FERPA and integrating into existing student success infrastructure. |
Approved - Production (June 25') |
| Boodlebox | Mike Jones | mike.jones@Indwes.edu | BoodleBox integrates people, AI, and knowledge into a single collaborative platform. A standout feature is its "bot stacking" capability, which allows users to interact with multiple AI assistants within the same chat session, providing diverse perspectives and solutions to enhance productivity. Additionally, BoodleBox prioritizes secure knowledge management, enabling users to work with AI applications while adhering to organizational policies and protecting sensitive data. https://boodlebox.ai/ |
Approved - Production (Dec 24') |
| ChatGPT - Teams Version | Tony Blair (LXD Team) Michael Madl (ISO) Lana Kirk (IT) Aaron Cawthorn (Marketing) |
tony.blair@indwes.edu michael.madl@indwes.edu lana.kirk@indwes.edu aaron.cawthorn@indwes.edu |
The ChatGPT Team Plan is crucial for organizations that prioritize data security and privacy. Its ability to isolate data within a dedicated tenant safeguards sensitive information from unauthorized access and cross-organizational data leaks. This isolation, combined with advanced security features and administrative controls, provides a secure AI environment that aligns with regulatory requirements and organizational policies, ensuring that teams can collaborate effectively without compromising on security. |
Approved - Production |
| CollegeVine | Danny Solms (Admissions) | danny.solms@indwes.edu |
CollegeVine uses generative AI agents to personalize outreach communications (such as emails and messages) to prospective students on behalf of Indiana Wesleyan University (IWU), aiming to increase engagement and enrollment. The AI is trained using IWU-specific content—including institutional details, marketing materials, and uploaded student lead data—and interacts with up to 50,000 uploaded leads and 7,500 connection exports. Additionally, anonymized and aggregated data from these interactions is used to continuously improve the AI models over time. |
Approved - Production (June 25')
|
| Cursor | Stephen Swan (IT) | stephen.swan@indwes.edu | The main goal of Cursor's product is to enhance developer productivity by streamlining the coding process and reducing the time spent on routine tasks. By incorporating AI, it aims to make coding more efficient and accessible, allowing developers to focus on solving complex problems. https://www.cursor.com/ |
Approved - Production |
| Jasper.ai | Aaron Cawthorn (Marketing) | aaron.cawthorn@indwes.edu |
Jasper.ai is a generative AI platform specifically designed to enhance marketing efforts by providing advanced brand control and an intuitive toolkit for creating and managing content across various channels. It offers over 80 AI-powered applications and workflows, enabling marketers to produce on-brand text and images efficiently, while integrating seamlessly with existing marketing technology stacks. By leveraging proprietary marketing intelligence and enterprise-grade security, Jasper ensures that AI-generated content aligns with a company's unique voice and style, thereby accelerating marketing impact and return on investment. |
Approved - Production (Dec 24') |
| Nectir.io | Mike Truong Tony Blair |
mike.troung@indwes.edu tony.blair@indwes.edu |
Nectir.io it provides a communication platform specifically tailored for higher education institutions to enhance collaboration and engagement. It creates real-time, chat-based communities that connect students, educators, and campus organizations within a centralized system. By integrating seamlessly with existing learning management systems (LMS), Nectir.io transforms traditional classroom communication into an interactive, accessible, and connected experience that fosters community building and improves student participation. https://www.nectir.io/ |
Approved - Production (Aug 24') |
| Microsoft Copilot | Information Technology Services | Rob.luttrell@indwes.edu | Microsoft 365 Copilot is an AI-powered assistant integrated into Office applications to enhance user productivity and creativity. It utilizes advanced language models to assist with tasks like drafting documents in Word, generating insights in Excel, creating presentations in PowerPoint, and managing emails in Outlook. | Approved - Production (Jan 24') |
| Read.ai (Enterprise) | N&G | Eileen.Hulme@indwes.edu | Read.ai is an AI-powered platform that provides real-time analytics and insights for virtual meetings. It analyzes engagement metrics, sentiment, and interaction patterns during video conferences on platforms like Zoom and Microsoft Teams. https://www.read.ai/plans-pricing |
Approved - Production - Enterprise version only. (May 24') |
| Scribe | N&G / Marion | josh.grace@indwes.edu |
Scribe is a SaaS tool that automatically generates step-by-step guides by recording user workflows, making it useful for documenting processes, training, and onboarding. Its AI features include smart text generation, auto-labeling of steps, and the ability to redact sensitive information in screenshots. |
Approved - Production - Pro version only |
Reviewed Microsoft 365 App Integrations
This list tracks every app and online service that people at IWU have asked to use through the app approval process integrated with Microsoft 365 in conjunction with their University accounts. Each one is checked to make sure it protects student and employee information, follows legal requirements, and won’t introduce security risks into our systems.
Some apps are approved because they meet our security and privacy standards. Others are denied or blocked when they request more access than they need, store data in unsafe ways, or come from unverified publishers. Reviewing these apps helps protect your email, files, and personal information, and it strengthens IWU’s overall security posture while still allowing safe and useful tools to be used for work, teaching, and learning.
| Application | Date Reviewed | Status | Risk | Explanation |
| Adobe Acrobat (acrobat.adobe.com) | 11/20/25 | Blocked | 🔴 High | This application requires elevated access and is not permitted for use with IWU accounts due to security risk. |
| AhaSlides | 10/28/25 | Approved | 🟢 Low | An interactive presentation tool used for live engagement; approved because it uses minimal permissions. |
| Atlassian Start | 10/31/25 | Approved | 🟢 Low | A launcher for Atlassian cloud apps; approved as it requires minimal Microsoft 365 access. |
| BeezyApp | 12/8/25 | Blocked | 🔴 High | Enterprise social/collaboration tool; blocked because Teams is standard and this adds unnecessary data exposure. |
| BulbApp | 10/27/25 | Approved | 🟢 Low | A digital portfolio tool for sharing learning artifacts; approved due to low permission scope. |
| BusyCal | 11/26/25 | Blocked | 🔴 High | Requests excessive calendar, tasks, and mailbox permissions beyond IWU policy. |
| Chat Mistral (chat.mistral.ai) | 11/10/25 | Denied | 🟡 Moderate | This app isn’t from a verified publisher and requests ongoing access to your account. |
| Chromebook Office Editing | 10/24/25 | Approved | 🟢 Low | Enables editing of Microsoft Office files on Chromebooks; approved due to minimal data exposure. |
| CloudTalk | 11/13/25 | Approved | 🟢 Low | Cloud-based calling platform; approved because it does not request Microsoft 365 data. |
| DOE Identity Server | 11/26/25 | Approved | 🟢 Low | Provides identity authentication for DOE systems; approved due to limited access. |
| Databricks OIDC | 12/11/25 | Approved | 🟡 Moderate | OIDC sign-in for Databricks; decision recorded as approved. |
| Doodle | 11/20/25 | Blocked | 🔴 High | Requests full calendar access and retains event data, creating privacy risks. |
| Dropbox (dropbox.com) | 12/8/25 | Blocked | 🔴 High | SharePoint/OneDrive integration to external storage; blocked since users should not sync IWU files to Dropbox. |
| EdisonMail | 12/16/25 | Blocked | 🔴 High | Requests EWS mailbox access + read mail + send as user + persistent access. |
| Edlio Contact Us | 12/10/25 | Blocked | 🟡 Moderate | Basic profile + persistent access; third-party not verified. |
| Edlio OAuth App | 10/30/25 | Denied | 🟡 Moderate | This integration uses an unverified callback endpoint that could expose contact data. |
| Edpuzzle | 11/5/25 | Approved | 🟢 Low | Interactive video learning tool; approved due to low-risk educational permissions. |
| Evolution (GNOME) | 11/10/25 | Denied | 🔴 Critical | Requests full mailbox, contacts, calendars, and send-as rights. Too much exposure. |
| Fantastical | 12/16/25 | Blocked | 🔴 High | Full calendar + tasks + people + EWS mailbox settings + persistent access. |
| Fetch | 12/11/25 | Blocked | 🔴 High | Reads user mail + persistent access; unverified publisher. |
| Fetch.com | 10/27/25 | Denied | 🔴 High | Vendor security cannot be validated; data collection concerns. |
| Fizz Social (fizzsocial.app) | 10/27/25 | Approved | 🟢 Low | A moderated student community app; approved with minimal Microsoft access. |
| Fizzsocial.app | 11/10/25 | Approved | 🟢 Low | Previously reviewed and approved in project record. |
| Florida SSO (floridasso.b2clogin.com) | 11/5/25 | Denied | 🟡 Moderate | Attempts to authenticate to a non-IWU tenant; cannot permit cross-tenant trust. |
| Fyxer AI | 12/8/25 | Blocked | 🔴 High | AI assistant requesting read/write mailbox and settings; blocked due to full email access and persistent tokens. |
| GPT for Work | 10/28/25 | Denied | 🔴 High | Requests wide Graph API access and is unverified. |
| Gmail (google.com/gmail) | 12/10/25 | Blocked | 🔴 High | Exchange ActiveSync mailbox access + persistent access. |
| Gmail Integration (generic) | 10/22/25 | Denied | 🔴 Critical | Sends email and metadata externally; cannot be approved. |
| GoodNotes | 11/10/25 | Denied | 🟡 Moderate | Stores documents outside Microsoft 365; risk of exposing sensitive data. |
| GroupMe | 12/16/25 | Blocked | 🟡 Moderate | Basic profile + persistent access; consumer chat tool. |
| Happyscribe (happyscribe.com) | 12/8/25 | Blocked | 🔴 High | Transcription service that uploads audio externally; blocked to avoid sending IWU content to unmanaged storage. |
| HubSpot Breeze (msauth://com.hubspot.android.breeze/) | 12/8/25 | Blocked | 🔴 High | Custom mobile OAuth redirect into HubSpot; blocked to prevent direct binding of personal mobile apps to IWU tenant. |
| Jotform | 11/17/25 | Denied | 🔴 High | May expose student or employee submissions externally. |
| Kahoot | 10/31/25 | Approved | 🟢 Low | Game-based learning platform; approved due to minimal access. |
| Kapwing | 11/19/25 | Denied | 🔴 High | Requires OneDrive integration; external content exposure risk. |
| Kortext | 12/8/25 | Approved | 🟢 Low | Digital textbook and course content platform; approved where M365 integration is needed for assigned materials. |
| LearnUpon LMS | 10/27/25 | Approved | 🟢 Low | Cloud LMS for training; approved due to safe integration profile. |
| Lucid.co | 10/28/25 | Approved | 🟢 Low | Diagram and collaboration suite; approved with limited access. |
| Lucidchart | 12/16/25 | Blocked | 🟡 Moderate | Basic profile + persistent access; charting doesn’t require tenant-wide OAuth persistence. |
| MailApp (Force.com) | 10/23/25 | Approved | 🟡 Moderate | Salesforce email plugin; approved with moderate but acceptable access. |
| Manus.ai | 12/1/25 | Blocked | 🔴 High | AI assistant requesting full calendar and send-as mail rights; blocked due to broad mailbox and calendar access. |
| Microsoft TechCommunity | 10/24/25 | Approved | 🟢 Low | Microsoft forum for resources and support; approved because it accesses no sensitive data. |
| Microsoft_Social_Authentication (unverified) | 12/16/25 | Blocked | 🟡 Moderate | Basic profile + persistent access; unverified auth connector. |
| Miro | 11/25/25 | Blocked | 🔴 High | Online whiteboard and collaboration tool; blocked due to broad Microsoft 365 access requirements. |
| MyFiles (Samsung MyFiles app) | 11/26/25 | Blocked | 🔴 High | Samsung MyFiles integration requesting full access to user files; blocked to prevent uncontrolled file syncing. |
| Nearpod | 10/24/25 | Approved | 🟢 Low | Interactive lesson delivery tool; approved due to low permissions. |
| Neon.tech | 10/22/25 | Approved | 🟢 Low | Serverless Postgres system; approved as it does not access IWU accounts. |
| NoodleTools | 10/28/25 | Approved | 🟢 Low | Research management tool; approved due to safe usage profile. |
| Notion | 10/31/25 | Approved | 🟢 Low | Workspace for notes and collaboration; approved for minimal Microsoft 365 integration. |
| OpenAI (openai.com) | 12/10/25 | Denied | 🔴 High | Calendar read + persistent access; third-party AI service. |
| Otter.ai | 10/24/25 | Denied | 🔴 High | Records meetings and stores content externally. |
| PayPal | 12/10/25 | Blocked | 🔴 High | Reads user mail + persistent access; not required for package tracking. |
| PayPal Package List | 11/10/25 | Denied | 🔴 High | Reads emails for tracking and sends data externally. |
| Pear Deck | 11/5/25 | Approved | 🟢 Low | Interactive slide add-on; approved due to limited permissions. |
| PlanSource | 10/30/25 | Approved | 🟢 Low | Benefits administration system; approved because it uses employee-only data. |
| Polly | 11/26/25 | Approved | 🟢 Low | Polling app for Microsoft Teams; approved with low-risk profile and limited Graph permissions. |
| Prezi | 10/27/25 | Approved | 🟢 Low | Zoom-style presentation tool; approved due to no Microsoft data access. |
| ProQuest | 10/22/25 | Approved | 🟢 Low | Academic research database; approved because it accesses no Microsoft 365 content. |
| Project Plan 365 | 11/10/25 | Denied | 🟡 Moderate | Requests ongoing access from an unverified publisher. |
| QR Code Creator | 10/24/25 | Denied | 🟡 Moderate | Not verified; potential data exfiltration. |
| Quizizz | 10/30/25 | Approved | 🟢 Low | Quiz-based learning tool; approved due to low permissions. |
| Read.ai | 10/24/25 | Denied | 🔴 High | Auto-joins meetings and records content externally. |
| ReadSpeaker WASP | 11/19/25 | Blocked | 🔴 High | Requests full file access and may export data. |
| Relay.app | 10/27/25 | Denied | 🟡 Moderate | Requests message automation permissions beyond need. |
| RocketReach | 11/10/25 | Denied | 🔴 High | Requests full mail, contact, and calendar access including send-as rights. |
| Samsung Mail Services | 11/10/25 | Denied | 🔴 High | Would route mail using unsupported protocols. |
| Samsung Website (samsung.com/sec) | 11/17/25 | Denied | 🔴 High | Requests mailbox-level access via unsupported authentication. |
| ScholarXcel.ai | 11/25/25 | Denied | 🔴 High | Student-built custom integration; denied because unverified apps cannot attach directly to the IWU tenant. |
| SchoolAI | 11/14/25 | Approved | 🟢 Low | Classroom assistant for instructional workflows; approved due to minimal access. |
| ScienceConnect | 10/22/25 | Approved | 🟢 Low | Research collaboration platform; approved as it does not require Microsoft 365 access. |
| Screencastify | 12/1/25 | Approved | 🟢 Low | Screen recording tool used for instruction; approved because its Microsoft permissions are limited to basic profile. |
| SheerID | 10/22/25 | Approved | 🟢 Low | Verification service; approved for minimal data use. |
| Shop (shop.app) | 11/10/25 | Denied | 🔴 High | Requests permission to read user mail; not permitted. |
| Skylight Calendar | 11/19/25 | Blocked | 🔴 High | Requests persistent access and may export personal calendar content. |
| Slack | 12/8/25 | Blocked | 🟡 Moderate | Profile + persistent access; conflicts with Teams standard. |
| Slack OAuth Callback | 12/8/25 | Blocked | 🔴 High | Slack integration callback; blocked because Microsoft Teams is the IWU standard and Slack tenant access is not allowed. |
| SmartNoter (smartnoter.ai) | 11/17/25 | Blocked | 🔴 High | Sends user-generated content externally; not verified. |
| Smarty (joinsmarty.com) | 11/20/25 | Blocked | 🔴 High | Requests broad file and mail access; cannot be approved. |
| Spark Mail | 10/24/25 | Denied | 🔴 High | Stores mailbox data on external servers. |
| Speechify | 10/30/25 | Denied | 🔴 High | Stores documents and audio externally. |
| Start (Atlassian) | 10/31/25 | Approved | 🟢 Low | Portal for Atlassian cloud tools; approved with limited access. |
| Thunderbird | 11/10/25 | Approved | 🟢 Low | Local email client; approved because it does not use Graph permissions. |
| TryMartin (trymartin.com) | 11/10/25 | Denied | 🔴 High | Requests permission to read, write, and send email as the user. |
| Turnitin | 12/16/25 | Approved | 🟡 Moderate | Teams/roster/channels + assignment/grades access; approved for academic use. |
| Typing.com | 11/10/25 | Denied | 🟡 Moderate | Requests persistent access not required for simple authentication. |
| UpToDate | 10/31/25 | Approved | 🟢 Low | Clinical reference tool; approved due to no Microsoft account integration. |
| Virtru Callback (accounts.virtru.com) | 12/8/25 | Blocked | 🔴 High | Non-standard Virtru callback configuration; blocked to avoid misrouted encrypted mail and unsupported flows. |
| Whiteboard.chat | 12/8/25 | Blocked | 🔴 High | Online whiteboard that maintains access to user data; blocked due to unmanaged storage of classroom content. |
| WipeBook (Azure Add-In) | 10/30/25 | Approved | 🟢 Low | A tool that syncs digitized whiteboard notes into OneDrive; approved because it uses safe, limited permissions. |
| Zapier | 12/8/25 | Blocked | 🔴 High | Automation hub typically expands data pathways; blocked per record. |
| Zendesk OAuth | 12/16/25 | Blocked | 🟡 Moderate | Basic profile + persistent access; blocked per project record. |
| Zoom (zoom.us) | 11/19/25 | Approved | 🟢 Low | A video conferencing platform used for meetings; approved due to limited Microsoft 365 access. |
| Zoom Social (Zoom OAuth variants) | 10/24/25 | Approved | 🟢 Low | Zoom’s authentication integration used for joining and scheduling meetings; approved because it uses safe, limited permissions. |
| Zoom for SharePoint | 12/1/25 | Blocked | 🔴 High | Zoom for SharePoint add-in requesting full access to all site collections and files; blocked due to excessive scope. |
| ZoomInfo | 11/25/25 | Denied | 🔴 High | Sales intelligence platform with extensive data collection; denied for privacy and profiling risk. |
| iAttended | 10/30/25 | Approved | 🟢 Low | Event attendance tracking tool; approved due to low permissions. |
| iCIMS OneDrive Redirect Integration | 12/1/25 | Blocked | 🔴 High | iCIMS OneDrive redirect requesting full access to user files; blocked until a least-privilege connector is available. |
| powerbiaibotdev (unverified) | 12/11/25 | Blocked | 🟡 Moderate | Profile + persistent access; dev app/unverified callback endpoints. |
Last Updated: 11/25/25