Forum Discussion
How are folks limiting what employees share with unauthorized LLMs?
A common question I encounter is how companies are preventing their employees from sharing sensitive information with unauthorized LLMs. Some of the initial solutions include DLP (Data Loss Preventio...
Thanks Bill, for sharing, I will add that to the list.
I continue to work on a blog on the topic and I am excited about where this is headed. Here are some of the approaches I am researching:
Microsoft Defender’s Application Guard:
- Microsoft Defender Application Guard offers a secure, lockdown browser environment specifically for LLM or chat sites. This setup allows organizations to control user interaction with these sites, including blocking certain websites or limiting functionalities like clipboard access. For more information, visit https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/mdag-overview
- Policy Implementation via GPO and Intune: https://learn.microsoft.com/en-us/mem/intune/
Microsoft Defender for Endpoint’s URL Blocking:
- Microsoft Defender can be used for blocking unauthorized LLM access through URL blocking, a feature outlined in https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide
Defender for Cloud Apps:
- Defender for Cloud Apps can be used to block access to certain LLMs based on user activity monitoring. Further details can be found in https://learn.microsoft.com/en-us/cloud-app-security
Incorporating Azure Firewall for Enhanced Protection:
- Azure Firewall can block website categories, such as "chat," to control access to chat-related websites and services. This feature is detailed here: https://learn.microsoft.com/en-us/azure/firewall/features#web-categories
***Please continue to share ideas***