Microsoft Edge: v.138 - Policies to manage Shadow IT

🚨 The Signal: New Edge policies allow blocking unapproved LLMs and redirecting users from other browsers to secure alternatives like Copilot Chat. This helps control Shadow IT and reduce data leakage risks from unsanctioned AI.

The Impact

Security teams and IT admins are affected by new controls to mitigate data exfiltration risks from unsanctioned AI usage.

• Security teams gain tools to enforce secure AI usage.
• IT admins must configure and deploy new browser policies.
• End-users may be redirected from unapproved AI tools.
• Organisations reduce risk of data exposure via Shadow IT LLMs.

The Action

1. Review existing Shadow IT policies for LLM usage.
2. Identify unsanctioned LLMs and other browsers to block.
3. Configure WebContentFilteringBlockedCategories policy in Microsoft Edge.
4. Deploy Edge policies via Intune or Group Policy to target devices.
5. Communicate changes to end-users regarding approved AI tools.

Domain: M365-Apps · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening, Application Control · ISM: ISM-0843, ISM-1412, ISM-1485, ISM-1486, ISM-1490, ISM-1542, ISM-1544, ISM-1582, ISM-1585, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1870, ISM-1871