How are folks limiting what employees share with unauthorized LLMs?

JoeCicero · ‎Nov 29 2023

A common question I encounter is how companies are preventing their employees from sharing sensitive information with unauthorized LLMs. Some of the initial solutions include DLP (Data Loss Prevention) and modifying the network filter. I wonder what Windows offers in this regard, but more importantly - what are the best practices in the industry?

Microsoft Defender Application Guard can be configured to open specific LLM/chat-sites in a lock down browser and control how users interact with the content. With application guard you can block specific sites or limit clipboard, etc.

How do you prevent, control, or track your employees' access to unapproved LLM/chat-sites?

BillClarksonAntill · ‎Nov 29 2023

Hey @JoeCicero

You can use Microsoft Defender to block unauthorized access to LLMs by blocking the URLs under Settings > Endpoints > Rules > Indicators

This will block any LLM's across your org running Defender for Endpoint Agent on the device

Other ways you could block users from access LLM's would be Defender for Cloud Apps by adding a Policy in to block certain apps based on conditions like monitoring etc

JoeCicero · ‎Dec 01 2023

Thanks Bill, for sharing, I will add that to the list.

JoeCicero · ‎Jan 08 2024

I continue to work on a blog on the topic and I am excited about where this is headed. Here are some of the approaches I am researching:

Microsoft Defender’s Application Guard:

Microsoft Defender Application Guard offers a secure, lockdown browser environment specifically for LLM or chat sites. This setup allows organizations to control user interaction with these sites, including blocking certain websites or limiting functionalities like clipboard access. For more information, visit https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-...
Policy Implementation via GPO and Intune: https://learn.microsoft.com/en-us/mem/intune/

Microsoft Defender for Endpoint’s URL Blocking:

Microsoft Defender can be used for blocking unauthorized LLM access through URL blocking, a feature outlined in https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o3...

Defender for Cloud Apps:

Defender for Cloud Apps can be used to block access to certain LLMs based on user activity monitoring. Further details can be found in https://learn.microsoft.com/en-us/cloud-app-security

Incorporating Azure Firewall for Enhanced Protection:

Azure Firewall can block website categories, such as "chat," to control access to chat-related websites and services. This feature is detailed here: https://learn.microsoft.com/en-us/azure/firewall/features#web-categories

***Please continue to share ideas***

How are folks limiting what employees share with unauthorized LLMs?

How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?

Products (50)

Special Topics (28)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

How are folks limiting what employees share with unauthorized LLMs?

How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?

Re: How are folks limiting what employees share with unauthorized LLMs?