How to Prevent Users from Adding OneDrive into ChatGPT

Nowadays, AI tools play a major role in optimizing work and saving time in professional lives. Many organizations encourage the use of AI tools; however, some are concerned about data security. Microsoft being partnered with ChatGPT increases its usage among Microsoft 365 users. Consequently, Microsoft OneDrive accounts, both personal and work, can be connected to ChatGPT for seamless integration and access to files. While this feature may enhance the creative work experience, admins should consider the potential risks of data exposure it poses.

Let’s delve into how to restrict users from connecting their OneDrive accounts to ChatGPT as an effective data loss prevention strategy.

While users connecting their OneDrive accounts to ChatGPT, they must give consent on behalf of the organization. It will ask permission to read your files, site contents, read all the files you have access to, maintain access to files, and read your profile. Thus, it stores all your organization’s sensitive data to provide better results, leading to critical data exposure.

When user provide consent with all the above-mentioned permissions, sensitive data might be exposed and there is a chance of sensitive data leakage. Thus, admins should block users from granting app consent and enable admin access approval workflow. So, users might request admins before consenting to any third-party apps for securing the data.

To block the user app consent in Entra ID, follow the below steps.

• Sign in to Microsoft Entra Admin Center.
• Navigate to Applications –> Enterprise applications –> Consent and permissions –> User consent settings.
• Choose ‘Do not allow user consent’ option and click Save.

To enable admin access approval workflow in Microsoft Entra ID, follow the below steps.

• Navigate to Enterprise applications –> consent and permissions –> Admin consent settings in Entra admin center.
• Turn the ‘User can request admin consent to apps they are unable to consent to’ toggle to ‘Yes’.
• Select the reviewer (i.e., users, groups, or roles) based on your requirements.
• Click Save.

User Experience

After enabling the admin access approval workflow, users can’t give consent to ChatGPT or any third-party apps, asking for a justification message and request approval as shown below.

I hope this blog helps you to restrict users from connecting their OneDrive work accounts to ChatGPT for safeguarding data in your organization. For any queries, feel free to reach us through the comments section.