Enforce AI-tool blocking on every managed endpoint — Windows, macOS, Linux, iOS, and Android — using custom indicators, web content filtering, and network protection. 16,024+ domains, updated daily, no on-prem proxy required.
Firewalls and proxies only protect users on the corporate network. Defender for Endpoint enforces AI-tool blocking on every device, everywhere — no VPN required.
Blocks AI tools whether the user is in the office, at home, or on airport Wi-Fi. Policy is attached to the device, not the network.
The Defender sensor intercepts connections on the device itself. No split-tunnel gaps, no PAC files, no proxy configuration.
Every block event shows the exact user, device, process, and millisecond-precision timestamp. No ambiguous NAT pool IPs.
Manage indicators in the Microsoft 365 Defender portal or via API. Updates push to every endpoint within minutes.
Runs on Windows 10/11, macOS, Linux, iOS, and Android. One policy, five operating systems.
Push new domains from our 16,024+ feed via API automation. No firewall rules, proxy configs, or DNS zones to update.
Custom indicators tell the Defender sensor to block, warn, or allow connections to specific domains. For AI blocking, you create "Block" indicators for every domain in your list.
The domain or URL to match (e.g., openai.com).
Block, Warn, or Allow — determines what happens when a device connects.
Labels for identifying the indicator in the portal and in alert output.
Informational, Low, Medium, or High — controls alert priority in the portal.
Apply the indicator to all devices or limit it to specific device groups.
Optional time-limited indicators for temporary access exceptions.
The M365 Defender portal lets you add indicators one-at-a-time under Settings > Endpoints > Indicators > URLs/Domains. For thousands of domains, use the API or PowerShell for bulk import.
# PowerShell: Create a single custom indicator via the MDE API # Requires: WindowsDefenderATP app registration with Ti.ReadWrite.All permission $tenantId = "YOUR_TENANT_ID" $appId = "YOUR_APP_ID" $appSecret = "YOUR_APP_SECRET" # Authenticate to Microsoft Defender API $body = @{ grant_type = "client_credentials" client_id = $appId client_secret = $appSecret scope = "https://api.securitycenter.microsoft.com/.default" } $token = (Invoke-RestMethod -Method Post ` -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" ` -Body $body).access_token # Create a block indicator for an AI tool domain $indicator = @{ indicatorValue = "openai.com" indicatorType = "DomainName" action = "Block" title = "AI Tool - Blocked by policy" description = "AI tool domain blocked per organizational policy" severity = "Medium" generateAlert = $true } | ConvertTo-Json Invoke-RestMethod -Method Post ` -Uri "https://api.securitycenter.microsoft.com/api/indicators" ` -Headers @{ Authorization = "Bearer $token" } ` -ContentType "application/json" ` -Body $indicator
Our standard feed fits within this cap. For the full 16,024+ domain set, we provide a tiered prioritization list — or combine indicators with web content filtering for complete coverage.
Automate the entire sync with a scheduled task or Azure Automation runbook. New AI domains appear in your Defender tenant automatically on every sync cycle.
# PowerShell: Bulk-sync AI blocklist domains to Defender indicators # Schedule this script to run daily via Task Scheduler or Azure Automation $feedUrl = "https://feeds.aitoolsblocklist.com/v1/domains?format=json&key=YOUR_API_KEY" $tenantId = "YOUR_TENANT_ID" $appId = "YOUR_APP_ID" $appSecret = "YOUR_APP_SECRET" # Step 1: Get access token $tokenBody = @{ grant_type = "client_credentials"; client_id = $appId client_secret = $appSecret scope = "https://api.securitycenter.microsoft.com/.default" } $token = (Invoke-RestMethod -Method Post ` -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" ` -Body $tokenBody).access_token $headers = @{ Authorization = "Bearer $token" } # Step 2: Fetch AI tool domains from our feed $aiDomains = (Invoke-RestMethod -Uri $feedUrl).domains # Step 3: Get existing Defender indicators tagged as AI blocklist $existing = (Invoke-RestMethod ` -Uri "https://api.securitycenter.microsoft.com/api/indicators" ` -Headers $headers).value | Where-Object { $_.title -like "AI Tool*" } $existingDomains = $existing.indicatorValue # Step 4: Compute delta — new domains to add $toAdd = $aiDomains | Where-Object { $_ -notin $existingDomains } # Step 5: Create indicators for new domains (batched) $count = 0 foreach ($domain in $toAdd) { $ind = @{ indicatorValue = $domain indicatorType = "DomainName" action = "Block" title = "AI Tool - $domain" description = "AI tool domain from aitoolsblocklist.com feed" severity = "Medium" generateAlert = $true } | ConvertTo-Json Invoke-RestMethod -Method Post ` -Uri "https://api.securitycenter.microsoft.com/api/indicators" ` -Headers $headers -ContentType "application/json" ` -Body $ind $count++ Start-Sleep -Milliseconds 200 # Rate limiting } Write-Host "Synced $count new AI-tool indicators to Defender"
Only 20–50 new domains are added on a typical day. The delta sync completes in under 5 minutes — no need to re-import the full list.
Web content filtering uses Microsoft's URL categorization engine to block entire content categories. It acts as a safety net — catching new AI tools that aren't yet in any domain blocklist.
security.microsoft.com > Settings > Endpoints > Web content filtering
Add a new policy and select the content categories to block. Scope to device groups.
Use custom indicators from our feed for precision targeting of the full 16,024+ domain set.
Catches newly launched AI domains that Microsoft has categorized. Provides baseline coverage without per-domain configuration.
Import 16,024+ domains from our feed. Catches AI tools Microsoft hasn't categorized — with per-domain alerting.
Custom indicators and web content filtering enforce blocks through the browser. Network protection intercepts connections at the OS level — blocking AI access from any application.
Code assistant plugins in VS Code, JetBrains, and other editors connecting to AI APIs.
Standalone AI writing tools, image generators, and productivity apps with AI features.
Automated scripts and command-line utilities calling AI API endpoints directly.
Any HTTP/HTTPS client making direct connections to AI-tool domains.
# PowerShell: Enable network protection in block mode # Run on each endpoint or deploy via Intune/GPO # Check current network protection status Get-MpPreference | Select-Object EnableNetworkProtection # Enable in Audit mode first (recommended for initial deployment) Set-MpPreference -EnableNetworkProtection AuditMode # After reviewing audit logs, switch to Block mode Set-MpPreference -EnableNetworkProtection Enabled # Verify the setting Get-MpPreference | Select-Object EnableNetworkProtection # Output: Enabled = Block mode, AuditMode = Audit, Disabled = Off # To deploy via Group Policy: # Computer Configuration > Admin Templates > Windows Components > # Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > # Network Protection > "Prevent users and apps from accessing # dangerous websites" = Enabled (Block)
Browser-level web content filtering + OS-level network protection = every access vector covered. Browsers, desktop apps, CLI tools, scripts, and system processes are all enforced.
Deploy AI-blocking policies as Intune device configuration profiles. Non-compliant devices can be blocked from corporate resources via Conditional Access.
// Intune: Device Configuration Profile — Network Protection (OMA-URI) // Create via Intune > Devices > Configuration profiles > Create profile // Platform: Windows 10 and later, Profile type: Custom // OMA-URI Setting 1: Enable Network Protection OMA-URI: ./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection Data type: Integer Value: 1 // 0=Disabled, 1=Enabled (Block), 2=Audit // OMA-URI Setting 2: Allow Network Protection Down Level OMA-URI: ./Vendor/MSFT/Policy/Config/Defender/AllowNetworkProtectionDownLevel Data type: Integer Value: 1 // OMA-URI Setting 3: Enable Network Protection on Win Server OMA-URI: ./Vendor/MSFT/Policy/Config/Defender/AllowNetworkProtectionOnWinServer Data type: Integer Value: 1
On macOS, deploy a mobileconfig profile via Intune. On iOS and Android, Defender uses a local VPN configuration (no actual tunnel) to route DNS queries through the Defender engine for block enforcement.
Full network protection + custom indicators + web content filtering. Deploy via Intune OMA-URI or endpoint security policy.
Network protection via mobileconfig profile. Custom indicators enforced through the Defender sensor. Web content filtering in Edge and Safari.
Web protection via local VPN DNS filtering. Custom indicators enforced at the DNS layer. Covers all apps, not just the browser.
The portal at security.microsoft.com is your single pane of glass for AI-tool blocking. Every API or PowerShell action is also visible here.
Settings > Endpoints > Indicators — create and manage your domain block indicators.
Settings > Endpoints > Web content filtering — configure category-level blocking policies.
Review block events that generate alerts. Investigate user-level patterns and device details.
Reports > Web protection — aggregate blocked domains, top users, and trend data over time.
Grant indicator management to your security ops team without broader Defender admin privileges.
Scope policies and exceptions per device group — e.g., allow Copilot for engineering while blocking it globally.
For multi-tenant organizations or MSSPs, the Microsoft Graph Security API provides programmatic control over every aspect of Defender configuration.
# PowerShell: Deploy AI blocking via Microsoft Graph API # Requires: Microsoft.Graph PowerShell module Import-Module Microsoft.Graph.Security # Connect with app-only authentication $cert = Get-ChildItem Cert:\CurrentUser\My\THUMBPRINT Connect-MgGraph -ClientId $appId -TenantId $tenantId ` -Certificate $cert # Fetch AI domains from our feed $response = Invoke-RestMethod ` -Uri "https://feeds.aitoolsblocklist.com/v1/domains?format=json&key=YOUR_KEY" # Create indicators via Graph Security tiIndicators endpoint foreach ($domain in $response.domains) { $params = @{ action = "block" description = "AI tool domain - $($domain.category)" domainName = $domain.domain expirationDateTime = (Get-Date).AddDays(30).ToString("o") severity = "medium" targetProduct = "Microsoft Defender for Endpoint" threatType = "UnwantedSoftware" tlpLevel = "white" } New-MgSecurityTiIndicator -BodyParameter $params } Write-Host "Deployed $($response.domains.Count) AI-tool indicators via Graph API"
Conditional Access policies in Entra ID can reference Defender compliance status. Devices that violate your AI-blocking policy lose access to corporate resources automatically.
If a user disables network protection or tampers with indicators, their device becomes non-compliant within minutes. Conditional Access blocks email, SharePoint, Teams, and all protected apps until remediation.
Devices accessing blocked AI domains are flagged with an elevated machine risk level via custom detection rules.
Devices above your risk threshold are marked non-compliant. Status syncs to Entra ID within minutes.
Non-compliant devices are blocked from email, files, Teams, and all apps protected by Conditional Access.
User sees a remediation page explaining the block. Once compliant again, access restores automatically.
Blocking is half the equation. Defender provides multiple reporting layers — from executive dashboards to granular KQL queries — for full visibility.
Aggregate block counts, top blocked domains, and top affected users. Executive-level compliance reporting.
Query raw event data to answer specific questions about AI-tool usage patterns across your organization.
Cross-correlate AI-tool events with other security data. Create analytics rules for circumvention detection.
// KQL: Advanced Hunting — AI tool block events in the last 7 days // Run in Microsoft 365 Defender > Hunting > Advanced hunting DeviceEvents | where Timestamp > ago(7d) | where ActionType == "SmartScreenUrlWarning" or ActionType == "ExploitGuardNetworkProtectionBlocked" or ActionType == "NetworkProtectionResponse" | extend ParsedFields = parse_json(AdditionalFields) | extend BlockedUrl = tostring(ParsedFields.ResponseCategory) | where RemoteUrl has_any ( "openai.com", "claude.ai", "anthropic.com", "gemini.google.com", "midjourney.com", "copilot.microsoft.com", "jasper.ai" ) | summarize BlockCount = count() by DeviceName, AccountName, RemoteUrl | sort by BlockCount desc
// KQL: Top 20 users attempting AI tool access — for policy review DeviceEvents | where Timestamp > ago(30d) | where ActionType in ("SmartScreenUrlWarning", "ExploitGuardNetworkProtectionBlocked") | where RemoteUrl matches regex @"(openai|anthropic|claude|midjourney|jasper|writesonic|copy\.ai|huggingface)" | summarize TotalAttempts = count(), UniqueTools = dcount(RemoteUrl), LastAttempt = max(Timestamp) by AccountName, DeviceName | sort by TotalAttempts desc | take 20
Connect Sentinel analytics rules to Logic Apps — automatically notify the user's manager, open a ServiceNow ticket, or restrict the Azure AD session when circumvention is detected.
# PowerShell: Export AI-tool block events for compliance reporting $startDate = (Get-Date).AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ") $query = @{ Query = @" DeviceEvents | where Timestamp > datetime($startDate) | where ActionType in ("SmartScreenUrlWarning", "ExploitGuardNetworkProtectionBlocked") | project Timestamp, DeviceName, AccountName, RemoteUrl, ActionType | sort by Timestamp desc "@ } | ConvertTo-Json $results = Invoke-RestMethod -Method Post ` -Uri "https://api.securitycenter.microsoft.com/api/advancedhunting/run" ` -Headers @{ Authorization = "Bearer $token" } ` -ContentType "application/json" -Body $query # Export to CSV for compliance team $results.Results | Export-Csv -Path "AI_Block_Report_$(Get-Date -Format 'yyyyMMdd').csv" ` -NoTypeInformation Write-Host "Exported $($results.Results.Count) block events"
Most organizations complete the full deployment in 1–3 business days, with the first week in audit mode for policy validation.
Microsoft Defender for Endpoint Plan 2 license. Devices onboarded to MDE. Azure AD app registration with Ti.ReadWrite.All and WindowsDefenderATP permissions. Network protection capable OS versions (Windows 10 1709+, macOS 11+). Our AI Tools Blocklist API key.
Enable network protection in audit mode. Import AI-tool indicators with action set to "Warn" instead of "Block." Run for five business days. Review Advanced Hunting data to identify which users and departments are accessing AI tools and which specific tools are in use. Adjust your policy scope before enforcement.
Switch network protection to block mode. Update indicators from "Warn" to "Block." Deploy web content filtering policy. Configure the automated daily sync from our AI Tools Blocklist feed. Set up alerting for block events above your threshold. Communicate the policy to end users.
Enable Conditional Access compliance integration. Create Sentinel analytics rules for circumvention detection. Schedule weekly compliance reports via the Advanced Hunting export script. Review and tune exception indicators based on business justification requests from teams that need specific AI-tool access.
Download the free 500-domain sample to test with custom indicators today. Or tell us your tenant configuration and we will send a ready-to-import indicator set within 24 hours.
Specify your MDE plan, OS platforms, and tenant size. We will send a ready-to-import indicator set and automation script within 24 hours.