Skip to main content
  • EN

AD_4nXcnSJK0qwzd1p_NXUiEQefq10AkbsxBghmOas_nxkWuKCjoOFWSm2EkxIc_V7eGQ_uamoj7eiwAI2loRHptXhfrb744ZVODgflK2krRa7krf_ovJ62ALX8lDXT6iVY6Eb_yV872ZS1hCbYftXHsWAxzuDU?key=QAlLCiPlougdSxAKLaVpDg

Netskope Global Technical Success (GTS)

KB - Restrict Microsoft Copilot via Netskope Header Insertion

 

Netskope Cloud Version - 117

 

Objective

Prevent the use of Microsoft Copilot via Netskope Header Insertion.

 

Prerequisite

Netskope CASB/SWG license is required.

 

Context

There are scenarios where customers wish to prevent Microsoft Copilot usage as it does not have any business use case.

 

Configuration

Microsoft introduced a HTTP header approach to prevent the use of Copilot without commercial data protection.

Please visit: Manage Copilot

The Key-value for this feature is: “x-ms-entraonly-copilot: 1” which must be inserted on the following domains:

  1. bing.com
  2. copilot.microsoft.com
  3. edgeservices.bing.com

For bing.com (#1) and copilot.microsoft.com (#2), Netskope already has these domains as a part of 2 predefined connectors.

bing.com:

AD_4nXfvMoqava8xg2NIdVZC0FHW87LKnhZIUUgVIuEVRfzymt0-9QGRJOwHh8EKYxAHPhVbCXjJzYjZ50kgGqKZZaeyxegOzPs9JW8VpX3crY7z0u-JNeXNsX7Xt2MqHIXbAyc8asWJnFHouCHOBkZfQ3yzC72X?key=QAlLCiPlougdSxAKLaVpDg

copilot.microsoft.com:

AD_4nXfWYyCTrbTbbDv5-ZvaXMv5s2eKzYeZGFdTaue6v3n8ret5AJs0vWPeqBvVd0zhlfHwYS1dk3WU_7Y53MCHB497yrsOsI_O4BK3EgLsVAodp6MlORYLkfufkyNQg04eCH5N1Pdeapqc1a3Tn2P3zRbcrswE?key=QAlLCiPlougdSxAKLaVpDg

On the other hand, for the missing domain, we will need to create a custom connector leveraging our universal connector.

Go to: Settings >>> Security Cloud Platform >>> App Definition  >>> Click on “New APP Definition Rule” >>> Select “Cloud App” >>> Click on “Universal Connector”, then add “Bing Edge Services” as name, then add: edgeservices.bing.com as domain, and / as path, then save and apply the changes.

AD_4nXcYKwYFnglPYCyjntqgaxynLeSJo32ZjtzpXuyuNMIBVa6bjg1ljSAsSu8uF6Vg3whS-32tbao_lK1DvK0j2wpZkI4NxOzd8fqjhWMKlHfwjLeOWqp6bdtnQfQ18YnnGccTa21SGcuu-DgXZjBPOtTounbX?key=QAlLCiPlougdSxAKLaVpDg

 

Now, we just need to insert the required Key-value header.

Go to: Settings >>> Manage >>> Header Insertion >>> Click on “New Header Insertion Profile” >>> search for Microsoft Bing >>> Select “Custom” add: x-ms-entraonly-copilot, and value: 1, then repeat the same process for Microsoft Copilot and Custom Connector for edgeservices.bing.com.

AD_4nXdR6Oi0NIQ1gTY8D5o_GxmkkZfYiGYi41BeU-9fkzw1K4mGL0lWMrfZ2SK-CLD2h5jVk_0sGykE2ZP-sBTbb3Wl3oqUJO88300NUJb0kxgl3hffpMGDTUbqmRt44ETMJidrJbXKFe27KXUoLw6J-ijGNDA?key=QAlLCiPlougdSxAKLaVpDg

 

Verification:

When accessing Microsoft Copilot via Microsoft Edge, you will see the following Network Error.

AD_4nXeM0arMhcTaHCugc3mPVolrIh-bsRiSRlcJRJPUIg7o4Zb1mjSx8H8Y5CJiuuRdm8QFMiqfnysLq1lIs0LHE73kZMYj51I1yUJodaRqTJCBEGi9FtP35WFFm9s0j6SSunAez5OdJeoWfgTJW4J5jze3PEc?key=QAlLCiPlougdSxAKLaVpDg

 

 

When accessing Microsoft Copilot via Chrome or any other browser, you will notice that the Copilot button is no longer available.

AD_4nXf3zrSOQg7IPYgnyN_WCYMYqoOzh72HRFgJAwGXr7KyjmIaTTSPTzEnSdRuTdSQbuGd8F4nx_JIuUiA4zI5aJy5h9cwYJmxV1G0zYhkySO5TFph453XWdne3yQH__S6M5g3Ln_0C0MiaJoZCuC3ADeJBr5A?key=QAlLCiPlougdSxAKLaVpDg

 

Notes to remember:

  • As we have created a new custom connector, please ensure that Netskope Client has been updated prior to any testing.
  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
Terms & ConditionsCookie settings