Forum Discussion
How are folks limiting what employees share with unauthorized LLMs?
A common question I encounter is how companies are preventing their employees from sharing sensitive information with unauthorized LLMs. Some of the initial solutions include DLP (Data Loss Prevention) and modifying the network filter. I wonder what Windows offers in this regard, but more importantly - what are the best practices in the industry?
Microsoft Defender Application Guard can be configured to open specific LLM/chat-sites in a lock down browser and control how users interact with the content. With application guard you can block specific sites or limit clipboard, etc.
- GPO: Configure the Group Policy settings for Microsoft Defender Application Guard
- GPO & Intune: Windows 10 - All Things About Application Guard - Microsoft Community Hub
How do you prevent, control, or track your employees' access to unapproved LLM/chat-sites?
3 Replies
Hey JoeCicero
You can use Microsoft Defender to block unauthorized access to LLMs by blocking the URLs under Settings > Endpoints > Rules > Indicators
This will block any LLM's across your org running Defender for Endpoint Agent on the device
Other ways you could block users from access LLM's would be Defender for Cloud Apps by adding a Policy in to block certain apps based on conditions like monitoring etc
- Thanks Bill, for sharing, I will add that to the list.
I continue to work on a blog on the topic and I am excited about where this is headed. Here are some of the approaches I am researching:
Microsoft Defender’s Application Guard:
- Microsoft Defender Application Guard offers a secure, lockdown browser environment specifically for LLM or chat sites. This setup allows organizations to control user interaction with these sites, including blocking certain websites or limiting functionalities like clipboard access. For more information, visit https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/mdag-overview
- Policy Implementation via GPO and Intune: https://learn.microsoft.com/en-us/mem/intune/
Microsoft Defender for Endpoint’s URL Blocking:
- Microsoft Defender can be used for blocking unauthorized LLM access through URL blocking, a feature outlined in https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide
Defender for Cloud Apps:
- Defender for Cloud Apps can be used to block access to certain LLMs based on user activity monitoring. Further details can be found in https://learn.microsoft.com/en-us/cloud-app-security
Incorporating Azure Firewall for Enhanced Protection:
- Azure Firewall can block website categories, such as "chat," to control access to chat-related websites and services. This feature is detailed here: https://learn.microsoft.com/en-us/azure/firewall/features#web-categories
***Please continue to share ideas***
