Forum Discussion

Vimaleshwara Gajanana's avatar
Vimaleshwara Gajanana
Copper Contributor
Sep 12, 2023

How to block Bing Chat public for organization users and allowing Bing Chat Enterprise

Bing Chat Enterprise is made available for enterprise users.  However there is possibility that users might be using Bing Chat public.  Is there a way to force BCE for Organization users and block Bi...
Admin & Set up
mcollis84's avatar
mcollis84
Copper Contributor

Vimaleshwara Gajanana Bradley Fox 

I followed the above suggestion to block the public version, and it worked great.  Users could only get to bing.com/chat when signed into edge with corporate profile.

 

Ignite today announced copilot.microsoft.com.  It's basically the same thing, hosted from a different dedicated URL.  Unfortunately, this bypasses the previously suggested method to block the public version.  Looking for info on how to now force enterprise only version.

Bradley Fox's avatar
Bradley Fox
Brass Contributor
Mar 05, 2024
OK, Here goes for copilot.microsoft.com. This one requires TWO conditional forwarders because Microsoft, in their infantine wisdom, made the redirect a subdomain of the original domain which effs everything up.

What we're trying to do: Redirect copilot.microsoft.com to cdp.copilot.microsoft.com to force data protection in copilot.

On your secondary DNS server (the ones the clients know nothing of) create the primary zone microsoft.com. Add a CNAME for copilot.microsoft.com and point it at cdp.copilot.microsoft.com.

Back to the production server. Create TWO conditional forwarders here.
The first is copilot.microsoft.com that sends the requests to your secondary DNS server to get the CNAME.
The second is cdp.copilot.microsoft.com which should send the request out to the internet (I'm using 8.8.8.8 and 8.8.4.4).

The second is required because if it tries to resolve itself, it just uses the first conditional forwarder again which sends the request in an infinite loop between your DNS servers.

Resources