How are folks limiting what employees share with unauthorized LLMs?
A common question I encounter is how companies are preventing their employees from sharing sensitive information with unauthorized LLMs. Some of the initial solutions include DLP (Data Loss Prevention) and modifying the network filter. I wonder what Windows offers in this regard, but more importantly - what are the best practices in the industry? Microsoft Defender Application Guardcan be configured to open specific LLM/chat-sites in a lock down browser and control how users interact with the content. With application guard you can block specific sites or limit clipboard, etc. GPO: Configure the Group Policy settings for Microsoft Defender Application Guard GPO & Intune: Windows 10 - All Things About Application Guard - Microsoft Community Hub How do you prevent, control, or track your employees' access to unapproved LLM/chat-sites?Are Any Defender Experts customers using Enhanced Phishing Protection in Microsoft Defender?
If you are running Windows 11(version 22H2) in your environment, a newly introduced feature enhances phishing protection by prompting users to exercise caution before entering their passwords in potentially insecure spaces, such as on malicious websites. If a user signs into Windows using a password, Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school password used to sign into Windows 11 in these ways: If users type or paste their work or school password on any browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection alerts them. It also alerts them to change their password so attackers can't gain access to their account. Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and alert them to change their password. Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file. If users type their work or school password into a website or app that SmartScreen finds suspicious, Enhanced Phishing Protection can automatically collect information from that website or app to help identify security threats. For example, the content displayed, sounds played, and application memory. Read more about Enhanced Phishing Protection in Microsoft Defender SmartScreen and how to deploy via Intune and/or GPO here: Enhanced Phishing Protection in Microsoft Defender SmartScreen - Windows Security | Microsoft Learn
