How to block non-Entra users from using Copilot in Edge sidebar?

Austin Miller 0 Reputation points
2024-11-22T14:35:10.3066667+00:00

Hello,

In order to secure our network better, we would like to block the instance of Copilot that runs int he Edge sidebar from non-Entra accounts.

These accounts are used on our domain for production users, so they are not provided the Enterprise data protection. I have found the Edge group policy that allows us to disable to sidebar entirely, but my organization does not like this idea since we don't commonly use or maintain group policy.

I have tried blocking copilot.microsoft.com and bing.com/chat on our firewall. This only prevents access to those sites and not access from the Edge sidebar.

From the support site, https://learn.microsoft.com/en-us/copilot/manage I now see that Copilot on Edge does not have distinct separation other than the Enterprise data protection.

My question is: How can I block Copilot on the Edge sidebar for users with non-Entra accounts? Is this possible without using group policy?

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,383 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,454 questions
Microsoft Copilot
Microsoft Copilot
Microsoft terminology for a universal copilot interface.
409 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. James Hamil 26,036 Reputation points Microsoft Employee
    2024-11-22T23:09:28.24+00:00

    Hi @Austin Miller , you can use the EdgeSidebarAppUrlHostBlockList policy. This policy allows you to control which sidebar apps, including Copilot, are blocked:

    1. Access the Edge Sidebar Internals: Navigate to edge://sidebar-internals in your Edge browser. This will provide you with a JSON file that includes a manifest for built-in sidebar apps, including a "target" URL parameter for each app
    2. Identify the URLs to Block: Look for the URLs associated with Copilot in the JSON file. These URLs will be used to configure the policy.
    3. Configure the EdgeSidebarAppUrlHostBlockList Policy: Use the identified URLs to set up the EdgeSidebarAppUrlHostBlockList policy. This policy can be configured to block specific sidebar apps by their URLs.
    4. Implement the Policy: Apply the policy settings to your Edge browser. This will block the specified sidebar apps, including Copilot, for non-Entra users.

    More detailed information here:

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

  2. ShiJieLi-MSFT 10,846 Reputation points Microsoft Vendor
    2024-11-25T06:01:52.38+00:00

    Hi @Austin Miller,

    Just to further explain based on James' answer, it is recommended for you to block the sidebar Copilot by group policy. It is convenient for your organization to manage the behavior via group policy. Maybe it can be a good start for you to try it. Of course, another reason is you just can't block sidebar Copilot other than via group policy.

    If you are not familiar with Edge group policy configuration, please first read Configure Microsoft Edge policy settings on Windows devices, and install Edge policy template according to the tutorial.

    To block Edge sidebar Copilot, use the following steps:

    1. Open the group policy management editor and go to Administrative Templates > Microsoft Edge and then select Control which apps cannot be opened in Microsoft Edge sidebar.
    2. Select Enabled.
    3. Click Show.
    4. Enter edge://discover-chat. User's image
    5. Click OK when you've finished.

    Final result:

    User's image


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

    Shijie Li

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.