Protect AI with Conditional Access policy
Generative Artificial Intelligence (AI) services like Microsoft Security Copilot and Microsoft 365 Copilot when used appropriately bring value to your organization. Protecting these services from misuse can be accomplished with existing features like Microsoft Entra Conditional Access policy.
Applying Conditional Access policy to these Generative AI services can be accomplished through your existing policies that target all resources for all users, risky users or sign-ins, and users with insider risk.
This article shows you how to target specific Generative AI services like Microsoft Security Copilot and Microsoft 365 Copilot for policy enforcement.
Create targetable service principals using PowerShell
To individually target these Generative AI services, organizations must create the following service principals to make them available in the Conditional Access app picker. The following steps show how to add these service principals using the New-MgServicePrincipal cmdlet, part of the Microsoft Graph PowerShell SDK.
# Connect with the appropriate scopes to create service principals
Connect-MgGraph -Scopes "Application.ReadWrite.All"
# Create service principal for the service Enterprise Copilot Platform (Microsoft 365 Copilot)
New-MgServicePrincipal -AppId fb8d773d-7ef8-4ec0-a117-179f88add510
# Create service principal for the service Security Copilot (Microsoft Security Copilot)
New-MgServicePrincipal -AppId bb5ffd56-39eb-458c-a53a-775ba21277da
Create Conditional Access policies
As an organization adopting services like Microsoft 365 Copilot and Microsoft Security Copilot, you want to ensure access is only by those users who meet your security requirements. For example:
- All users of Generative AI services must complete phishing-resistant MFA
- All users of Generative AI services must access from a compliant device when insider risk is moderate
- All users of Generative AI services are blocked when insider risk is elevated
Tip
The following Conditional Access policies target the standalone experiences, not embedded experiences.
User exclusions
Conditional Access policies are powerful tools, we recommend excluding the following accounts from your policies:
- Emergency access or break-glass accounts to prevent lockout due to policy misconfiguration. In the unlikely scenario all administrators are locked out, your emergency-access administrative account can be used to log in and take steps to recover access.
- More information can be found in the article, Manage emergency access accounts in Microsoft Entra ID.
- Service accounts and Service principals, such as the Microsoft Entra Connect Sync Account. Service accounts are non-interactive accounts that aren't tied to any particular user. They're normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Calls made by service principals won't be blocked by Conditional Access policies scoped to users. Use Conditional Access for workload identities to define policies targeting service principals.
- If your organization has these accounts in use in scripts or code, consider replacing them with managed identities.
All users of Generative AI services must complete phishing-resistant MFA
The following steps help create a Conditional Access policy to require all users do multifactor authentication using the authentication strength policy.
Warning
If you use external authentication methods, these are currently incompatable with authentication strength and you should use the Require multifactor authentication grant control.
- Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
- Browse to Protection > Conditional Access > Policies.
- Select New policy.
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Assignments, select Users or workload identities.
- Under Include, select All users
- Under Exclude select Users and groups and choose your organization's emergency access or break-glass accounts.
- Under Target resources > Resources (formerly cloud apps) > Include > Select resources, select:
- Enterprise Copilot Platform fb8d773d-7ef8-4ec0-a117-179f88add510 (Microsoft 365 Copilot)
- Security Copilot bb5ffd56-39eb-458c-a53a-775ba21277da (Microsoft Security Copilot)
- Under Access controls > Grant, select Grant access.
- Select Require authentication strength, then select the built-in Phising-resistant MFA authentication strength from the list.
- Select Select.
- Confirm your settings and set Enable policy to Report-only.
- Select Create to create to enable your policy.
After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.
All users of Generative AI services must access from a compliant device when insider risk is moderate
Tip
Configure adaptive protection before you create the following policy.
Without a compliance policy created in Microsoft Intune this Conditional Access policy will not function as intended. Create a compliance policy first and ensure you have at least one compliant device before proceeding.
- Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
- Browse to Protection > Conditional Access > Policies.
- Select New policy.
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Assignments, select Users or workload identities.
- Under Include, select All users
- Under Exclude:
- Select Users and groups and choose your organization's emergency access or break-glass accounts.
- Select Guest or external users and choose the following:
- B2B direct connect users.
- Service provider users.
- Other external users.
- Under Target resources > Resources (formerly cloud apps) > Include > Select resources, select:
- Enterprise Copilot Platform fb8d773d-7ef8-4ec0-a117-179f88add510 (Microsoft 365 Copilot)
- Security Copilot bb5ffd56-39eb-458c-a53a-775ba21277da (Microsoft Security Copilot)
- Under Conditions > Insider risk, set Configure to Yes.
- Under Select the risk levels that must be assigned to enforce the policy.
- Select Moderate.
- Select Done.
- Under Select the risk levels that must be assigned to enforce the policy.
- Under Access controls > Grant.
- Select Require device to be marked as compliant.
- Select Select.
- Confirm your settings and set Enable policy to Report-only.
- Select Create to create to enable your policy.
After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.
All users of Generative AI services are blocked when insider risk is elevated
Tip
Configure adaptive protection before you create the following policy.
- Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
- Browse to Protection > Conditional Access > Policies.
- Select New policy.
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Assignments, select Users or workload identities.
- Under Include, select All users.
- Under Exclude:
- Select Users and groups and choose your organization's emergency access or break-glass accounts.
- Select Guest or external users and choose the following:
- B2B direct connect users.
- Service provider users.
- Other external users.
- Under Target resources > Resources (formerly cloud apps) > Include > Select resources, select:
- Enterprise Copilot Platform fb8d773d-7ef8-4ec0-a117-179f88add510 (Microsoft 365 Copilot)
- Security Copilot bb5ffd56-39eb-458c-a53a-775ba21277da (Microsoft Security Copilot)
- Under Conditions > Insider risk, set Configure to Yes.
- Under Select the risk levels that must be assigned to enforce the policy.
- Select Elevated.
- Select Done.
- Under Select the risk levels that must be assigned to enforce the policy.
- Under Access controls > Grant, select Block access, then select Select.
- Confirm your settings and set Enable policy to Report-only.
- Select Create to create to enable your policy.
After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.
Related content
- Use report-only mode for Conditional Access to determine the results of new policy decisions.
- Secure Generative AI with Microsoft Entra
- Microsoft Purview data security and compliance protections for generative AI apps
- Considerations for Microsoft Purview AI Hub and data security and compliance protections for Copilot
- Apply principles of Zero Trust to Microsoft Copilot
- Apply principles of Zero Trust to Microsoft 365 Copilot
- Apply principles of Zero Trust to Microsoft Security Copilot