Netskope Global Technical Success (GTS)
Microsoft m365 Copilot | Option 'Create' - Block Web Access
Netskope Cloud Version - 131
Objective
Microsoft m365 Copilot - Option 'Create' - Block Web Access
Prerequisite
Netskope SWG or NG-SWG license is required
Context
Microsoft m365 Copilot provides an inbuilt ‘Create’ function that can generate images, infographics, stories, and more. This functionality is separate from the Copilot chatbot engine. Customers may have a use case where they want to allow all Copilot services except the ‘Create’ feature. This KB article explains how to achieve this using Netskope.
Link - https://m365.cloud.microsoft/create
Do You Know?
- When you first navigate to https://m365.cloud.microsoft/ and then click on ‘Create’ option, the traffic is redirected to https://m365.cloud.microsoft/create, and in the backend services from another URL https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashx are invoked.
- Given this pattern, sub-domain designerapp.officeapps.live.com likely corresponds to a “designs” application
Configuration
Step 1: Create a custom URL category
Path: Netskope Tenant UI >>> Policies >>> Profile - - - URL Lists
Regex:
.*m365.cloud.microsoft/create.*
.*designerapp.officeapps.live.com/designerapp.*
Path: Netskope Tenant UI >>> Policies >>> Profile - - - Custom Categories
Step 2: Realtime protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
Verification
Note - User Notification format used above Link
- First navigate to https://m365.cloud.microsoft/ and then click on ‘Create’. You will not see a full webpage block. Initially, it may appear that the ‘Create’ option is still accessible, but the moment you try to use it, the ‘Create’ service will fail to load and will not respond.
Author Notes
- The domain officeapps.live.com is mapped to Netskope’s predefined Cloud App connector for Microsoft Office 365 OneDrive for Business.
- Therefore, ensure that the Realtime Policy used to block the ‘Create’ option is placed above the rule that allows traffic for Microsoft Office 365 OneDrive for Business.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
