Let’s discuss how to Block ChatGPT using Microsoft Defender for Endpoint. ChatGPT is an Artificial Intelligence chatbot developed by OpenAI. It has been designed to engage in human-like conversations by understanding and generating text-based dialogue.
Microsoft Defender for Endpoint offers multiple approaches to block access to ChatGPT: you can use its web content filtering capabilities or create custom indicators.
Before blocking ChatGPT with Microsoft Defender for Endpoint, there are several considerations to keep in mind, such as the impact on legitimate services, updates and maintenance, licensing requirements, etc. This post will show an end-to-end demo, including the prerequisites.
Microsoft Defender for Endpoint provides Web protection reports that give information about the web activity and web threats detected within your organization, as well as reports on web threat detections and attempts to access malicious URLs.
What are MDE Custom Indicators, and How is this Useful?
Consider the case where you have a web content filtering categorization for a particular site that is not correct. You have web content filtering set to block all AI-based chatbots and plugins, such as ChatGPT, but it’s not working as expected.
1. In general terms, an Indicator of compromise (IoC) indicates a computer or network intrusion has occurred.
2. In Defender for Endpoint, indicators are called Indicators of Compromise (IoCs) and, less often, custom indicators.
3. Organizations can create custom indicators that help to define the detection, prevention, and exclusion of URLs/Domains.
4. You can define indicators with specific actions for entities, such as files, IP addresses, URLs/domains, and certificates.
What are the Prerequisites for Block ChatGPT using Microsoft Defender for Endpoint?
The Antimalware client version must be 4.18.1906.x or later. Licensing Requirements – Microsoft Defender for Endpoint Plan 1 or Plan 2. You need to Enable MS Defender Network Protection Policy on the client side.
1. Select the Platform as Windows 10, Windows 11, and Windows Server
2. Select the Profile as Microsoft Defender Antivirus
Tips:
1. Defender for Endpoint Plan 1 is available as a standalone plan and is included in Microsoft 365 E3
2. Defender for Endpoint Plan 2 is available as a standalone plan and is included in Microsoft 365 E5
3. If you have Microsoft 365 E3 or E5, make sure to set up your Defender for Endpoint capabilities
What are the Limitations of MDE, and What are the Tips?
When you create custom indicators, Warn and Block currently work only with Windows devices. The maximum number of indicators that you can create is 15000. The propagation time for a policy change or a new policy (update) is 2 hours, as per Microsoft.
Caution: Defining exclusions reduces the protection offered by Defender for Endpoint and Microsoft Defender Antivirus. Use exclusions as a last resort, and define only the necessary exclusions. Review your exclusions periodically and remove the ones you no longer need. See Recommendations for defining exclusions and Common mistakes to avoid.
How to Block ChatGPT using Microsoft Defender for Endpoint
Let's check how to block ChatGPT in Microsoft 365 Defender using custom indicators. I have logged into Microsoft 365 Defender at security.microsoft.com. Select the Settings tab on the left side of the Microsoft Defender portal.
- Select Endpoints options from the Settings page.
Microsoft Defender for Endpoint is a comprehensive endpoint security platform tailored for enterprises. Select Indicators from Endpoints. If you go to the URL/domain, you can block a URL and block an IP address.
- There are 2 things we need to add: one is an IP address, and the other is a URL or domain, because some of the ChatGPT logins use IP addresses.
Adding URLs or domains to block within Microsoft Defender for Endpoint is straightforward. You can easily add URLs/Domains by clicking the Add item option from the below window.
- Endpoints > Indicators > URLs/Domains > Add item
The Add Indicator wizard includes 4 steps: Indicator, Action, Organizational scope, and Summary. The Indicator is the first step, and it includes Indicator details such as URL/Domain, Title, Description, and Expires on (UTC).
- URL/Domain – https://chat.openai.com/ (Indicator type URL)
- Title – ChatGPT
- Description – AI Based Chat Solution from Open AI
- Expires on (UTC)
- Click the Show Statistics option from the below window
After clicking the “Show Statistics” option, the below chat.openai.com window will appear and show the information such as the Original URL, Detection option, Domain details and name, Registration date, expiry date, registration contact information, etc.
In Add indicator, the second option is Action. You can easily select the action on the Action page whenever the URL/Domain is found. The Action page includes 4 settings: Allow, Audit, Warn, and Block execution.
The Action page shows 2 subcategories: Action settings and Alert details. The Action settings show options such as bypass duration and user notification custom URL.
- Bypass duration is Always.
- User notification custom URL – https://htmd.in – Valid URL.
The Alert details show options such as generate alert, perform historical matching, severity, category, and recommended actions. Perform historical matching includes options such as 30 days, 60 days, and 90 days.
The Alerts should be categorized into Information, Low, Medium, and High, and you will get different sets of categories from the Alert details page. The recommended actions are also included in the Alert details page.
- After filling in all the details, click the Next button from the below Alert details window.
In the Add indicator wizard, the Organizational scope step shows 2 options: Device groups scope and All devices in my organization. Select the All devices in my organization option and click the Next button.
The summary is the last step in the Add indicator option. The summary section shows the options such as indicator details, URL/Domain, Response Action, Action, Action settings, Bypass duration Alert details, etc.
The below first window shows that the Rule is created, and you can also see the title, all devices, the action, alert severity, etc. If you click on the item over here, it will open up the settings. You can go over here and change if you want. You can change all the settings from the below 2nd window.
Application | Action | Alert Severity | Scope | Expires on (UTC) | Title | Created by | Created on |
---|---|---|---|---|---|---|---|
https://chat.openai.com | Warn | None | All devices | Never | ChatGPT | Name of Creator | Creation date |
You can easily add another item by clicking on the Add item option from the below window. In the Indicator details, you should enter the URL/Domain as chat.openai.com. The below window shows the Indicator type Domain.
In the “Add Indicator” window, enter the information related to the tabs, such as Indicator, Action, Organizational scope, etc. The below window shows the summary details. The summary is the last settings option, showing all the information in one place.
- URL/Domain – chat.openai.com
Once you have created a rule within Microsoft Defender for Endpoint for blocking URLs or domains, you’ll be presented with a window displaying the rule details and associated settings. After successfully creating a rule, you can find its title, the devices it applies to, the configured action, the alert severity, and more.
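The same two indicators can also be created through the Defender for Endpoint Indicators API instead of the portal wizard. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes an environment variable MDE_TOKEN holding a bearer token for an app registration with the Ti.ReadWrite.All permission (token acquisition is not shown).

```powershell
# Added example: create the URL and domain indicators from this post via the
# Defender for Endpoint Indicators API.
# Assumption: $env:MDE_TOKEN holds a bearer token with Ti.ReadWrite.All.
$apiUrl = 'https://api.securitycenter.microsoft.com/api/indicators'

function New-ChatGptIndicatorBody {
    param(
        [Parameter(Mandatory)] [string] $Value,
        [Parameter(Mandatory)] [ValidateSet('Url', 'DomainName')] [string] $Type,
        [ValidateSet('Audit', 'Warn', 'Block')] [string] $Action = 'Warn'
    )
    # Field values mirror the wizard entries used in this post.
    # No expirationTime and no rbacGroupNames are set, matching "Never" and
    # "All devices" in the rule table.
    @{
        indicatorValue = $Value
        indicatorType  = $Type
        action         = $Action
        title          = 'ChatGPT'
        description    = 'AI Based Chat Solution from Open AI'
        generateAlert  = $false   # the rule table shows Alert Severity "None"
    }
}

function Submit-Indicator {
    param([Parameter(Mandatory)] [hashtable] $Body)
    $headers = @{ Authorization = "Bearer $env:MDE_TOKEN" }
    Invoke-RestMethod -Method Post -Uri $apiUrl -Headers $headers `
        -ContentType 'application/json' -Body ($Body | ConvertTo-Json)
}

$indicators = @(
    New-ChatGptIndicatorBody -Value 'https://chat.openai.com/' -Type Url
    New-ChatGptIndicatorBody -Value 'chat.openai.com' -Type DomainName
)

foreach ($body in $indicators) {
    if (-not $env:MDE_TOKEN) {
        # Dry run: without a token, only print the request body that would be sent.
        $body | ConvertTo-Json
        continue
    }
    $created = Submit-Indicator -Body $body
    '{0} -> {1} (id {2})' -f $created.indicatorValue, $created.action, $created.id
}
```

Pass `-Action Block` to New-ChatGptIndicatorBody to create the indicators with the Block action instead of Warn.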
It is important to enable one more Microsoft Defender for Endpoint setting for blocking ChatGPT. Go to Settings from the Microsoft 365 Defender portal and select Endpoints from Settings.
- Select Advanced features from Endpoints.
- Enable Custom network indicators by toggling the pane to the Right side.
- Click Save Preferences.
Let’s check from the client side whether the prerequisites are met. The first check uses a PowerShell command; we have already deployed a Network protection policy to this particular device.
- You can see the Network protection is enabled, and the value is one.
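One way to run this client-side check from PowerShell, as an added example rather than the command used in the original post. The function name is hypothetical; Get-MpPreference and Get-MpComputerStatus are the built-in Defender cmdlets, and the minimum version is the one listed in the prerequisites above.

```powershell
# Added example: verify the client-side prerequisites for custom network indicators.
# Minimum antimalware client version from the prerequisites section (4.18.1906.x).
$minimumVersion = [version]'4.18.1906.0'

function Test-MdeIndicatorPrerequisite {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference

    # EnableNetworkProtection: 0 = disabled, 1 = enabled (block mode), 2 = audit mode.
    # A value that was never configured comes back empty and is treated as 0.
    $npValue = [int]$prefs.EnableNetworkProtection
    $npState = switch ($npValue) {
        1       { 'Enabled (block)' }
        2       { 'Audit only' }
        default { 'Disabled' }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        AMProductVersion    = $status.AMProductVersion
        VersionOk           = ([version]$status.AMProductVersion -ge $minimumVersion)
        NetworkProtection   = $npState
        NetworkProtectionOk = ($npValue -eq 1)
        # Network protection depends on Microsoft Defender Antivirus being the
        # active antivirus with real-time protection turned on.
        AntivirusEnabled    = $status.AntivirusEnabled
        RealTimeProtection  = $status.RealTimeProtectionEnabled
    }
}

$result = Test-MdeIndicatorPrerequisite
$result | Format-List

if (-not ($result.VersionOk -and $result.NetworkProtectionOk)) {
    Write-Warning 'Prerequisites not met: Warn/Block indicators will not be enforced on this device.'
}
```

A device reporting "Audit only" logs matching connections but does not show the block page, so an indicator can look like it is not working there.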
While trying to open https://chat.openai.com, it shows the below error message “This content is blocked. For your protection, your organization is not allowing you to access the resources or content hosted by chat.openai.com. To learn more about why you see this message or contact your administrator.”
Let’s go back to the Microsoft Defender portal and go back to indicators. On the Indicators page, click on the item you want to change and change the Response action to Block execution.
After enabling Block execution and trying to open https://chat.openai.com, it shows a different error message “Your organization blocks this website. Contact your administrator for more information.”
Reports from Microsoft 365 Defender Endpoint
Open Microsoft 365 Defender portal and select Reports and then go to Web protection under Endpoint; you will get Web threat detections over time. You can see different color codes with reports. You will get more details about the Report if you click the Details button.
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.
Hi, I have created an indicator just the same way you did, but it's not working on my PC.
What am I missing?