Preventing Virtual Assistants from recording meetings

Hello @mchesmo,

Apologies for the delayed response.  There are a number of controls you can apply to prevent the initial enrollment to such apps and alert when a user does install them.  

The first would be a policy that blocks unsanctioned Generative AI tools similar to the one below:
 

 This is fairly broad and leverages CCI tags so you might need to tailor it (and other policies to allow sanctioned Generative AI).  This policy would prevent users on sanctioned machines from navigating to, enrolling, and configuring apps like otter.ai.  Further, Netskope’s SaaS Security Posture Management includes default policies that monitor your Office365 for apps that are installed with excessive or risky permissions.  For example, upon the installation and authorization of otter.ai in my tenant it was flagged by a policy:
 

The risk level was based on the permissions that otter.ai was authorized for:
 

You could then ingest these alerts into a ticketing system or SIEM using Netskope’s Cloud Exchange for automated alerting and triage.    This would cover users on managed and unmanaged devices who register otter.ai and other transcription services based on their risk. 

You can also use the native controls of Microsoft Entra ID to block subsequent signins to otter and other apps:
 

I hope this helps but please let me know if you have any further questions..