Shadow AI guide

How to block ChatGPT at work and what to do instead

Yes, you can block ChatGPT at work. Tag it unsanctioned in Microsoft Defender for Cloud Apps, block the AI & ML category in Zscaler, set a Netskope Real-time Protection policy, or sinkhole chatgpt.com at your DNS. This guide gives the exact steps, then shows why most security teams end up governing ChatGPT instead of blocking it.


Platform focus

ChatGPT

Four verified ways to block it, what each method misses, and the governance model that actually reduces risk.

Last reviewed: July 2026 · Steps verified against Microsoft, Zscaler, Netskope, and OpenAI documentation current at review time. Vendor menus change; treat paths as orientation, not screenshots.

Comparison of four methods to block ChatGPT at work
| Method | Where it enforces | Best for | What it misses |
| --- | --- | --- | --- |
| Microsoft Defender for Cloud Apps + Entra | Devices onboarded to Defender for Endpoint | Microsoft 365 E5 / Defender shops | Unmanaged and personal devices, home networks |
| Zscaler (ZIA Cloud App Control) | Traffic steered through Zscaler | Existing ZIA deployments | Devices off Client Connector, mobile on cellular |
| Netskope (Real-time Protection) | Traffic steered through Netskope | Existing Netskope SSE deployments | Unsteered devices, brand-new AI tools |
| DNS / firewall / browser policy | Networks and resolvers you control | Any stack, fastest to deploy | DNS-over-HTTPS, hotspots, personal devices |
Method 1

Block ChatGPT with Microsoft Defender for Cloud Apps and Entra

If you run Microsoft 365 with Defender for Endpoint, this is the cleanest path: one Unsanctioned tag enforces at the endpoint for browsers, the desktop app, and scripts alike.

01

Confirm prerequisites

You need devices onboarded to Microsoft Defender for Endpoint, network protection enabled in block mode, and the Defender for Endpoint integration switched on in Defender for Cloud Apps settings. Without these, the Unsanctioned tag is monitoring-only.

02

Find ChatGPT in the Cloud app catalog

In the Microsoft Defender portal, open Cloud apps, then Cloud app catalog, and filter by the Generative AI category. Microsoft maintains this category and groups over a thousand known generative AI services, including ChatGPT and OpenAI.

03

Tag the app as Unsanctioned

Select ChatGPT and apply the Unsanctioned tag. The app's domains sync to Defender for Endpoint as custom URL indicators, and network protection blocks them on onboarded devices whether the request comes from a browser, the desktop app, or a script.

04

Carve out exceptions with Entra

Keep the app unsanctioned for everyone, then use Microsoft Entra Internet Access web content filtering with Conditional Access to allow specific groups (for example, an approved pilot team) to reach it.

05

Block the desktop app with Intune

Use Intune app management policies to block installation of the ChatGPT desktop app on managed Windows and macOS devices, so blocking does not depend on web filtering alone.

What this misses

Enforcement only reaches devices onboarded to Defender for Endpoint. Microsoft's own deployment guidance notes users can still reach unsanctioned apps from unmanaged devices and personal networks. Personal phones, home laptops, and BYOD stay invisible.

Method 2

Block ChatGPT with Zscaler

Zscaler Internet Access ships an AI & ML Applications category with per-app actions, so you can block outright, warn, isolate, or allow with upload controls.

01

Add a Cloud App Control rule

In the ZIA Admin Portal, go to Policy, then URL & Cloud App Control, and add a Cloud App Control rule using the AI & ML Applications category. Zscaler maintains this category and includes ChatGPT and the OpenAI platform.

02

Scope the rule

Select ChatGPT (and any other OpenAI apps you want covered), then scope the rule to users, groups, departments, or locations. Most teams start with a broad scope and carve out an approved pilot group.

03

Pick the action

Choose Block to deny access outright, Caution to show a warning page users can click through, or Isolate to run the session in Zscaler Browser Isolation. With Allow, granular controls can block uploads or restrict access to your ChatGPT Enterprise tenant.

04

Or block the whole URL category

Alternatively, block the AI & ML Applications URL category in URL Filtering. This is broader and catches more tools, but it also breaks any legitimate AI tool your teams already rely on.

What this misses

Zscaler only controls traffic that is steered through it. Devices without Client Connector, phones on cellular, and personal machines bypass the policy entirely. Caution pages also lose their effect once users learn to click through them.

Method 3

Block ChatGPT with Netskope

Netskope covers generative AI through a maintained web category and per-app controls in Real-time Protection, including coaching templates and tenant-level instance awareness.

01

Create a Real-time Protection policy

In the Netskope admin console, go to Policies, then Real-time Protection, and create a new policy. Netskope also offers a dedicated AI Guardrails policy type for generative AI controls.

02

Set the destination

Choose the Generative AI category to cover the whole class of tools, or select the ChatGPT cloud app specifically. Netskope maintains the category and tracks hundreds of generative AI applications in its Cloud Confidence Index.

03

Choose Block or User Alert

Set the action to Block, or use User Alert with a coaching template that warns users and lets you point them to the approved alternative. Instance awareness can allow your corporate ChatGPT Enterprise tenant while blocking personal accounts.

04

Apply and order the policy

Scope the policy to users, groups, or organizational units, place it correctly in the policy order, and publish. Test with a pilot group before enforcing organization-wide.

What this misses

Same steering limitation: only traffic through the Netskope client or gateway is controlled. Category coverage also lags brand-new AI tools, so the newest app your employees found this week may not be categorized yet.

Method 4

Block ChatGPT with DNS, firewall, or browser policy

No SSE platform required. Domain and category blocking at the network edge is the fastest method to deploy, and the easiest to bypass.

01

Block the ChatGPT web domains

At your DNS filter or firewall, block chatgpt.com and chat.openai.com, plus the asset domains the app loads from: oaistatic.com and oaiusercontent.com. Wildcard the subdomains. DNS filtering services and most NGFW content filters can do this in minutes.

02

Decide on api.openai.com separately

Blocking api.openai.com stops direct API access and much of the desktop app traffic, but it also breaks every third-party product your company uses that calls the OpenAI API under the hood. Inventory those integrations before you block it.

03

Use your firewall's AI category if it has one

Most current NGFW and DNS-filtering vendors ship a generative AI or AI services category. Category blocking catches sister tools automatically, at the cost of occasional false positives on legitimate services.

04

Add a managed-browser blocklist

For managed browsers, push the URLBlocklist policy for Chrome and Edge through Group Policy or MDM with the ChatGPT domains. This holds even when the device is off the corporate network, but only inside the managed browser.
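As an added example (not Aona's code or any vendor's), the rule set from steps 01 to 04 as a small Python module: it emits Unbound local-zone lines for the DNS sinkhole and the Chrome/Edge URLBlocklist value, keeps api.openai.com opt-in, and matches hostnames on label boundaries so a lookalike such as notchatgpt.com is not swept up. The audit_queries helper and the sample query list are constructed for illustration.

```python
"""Added example, not Aona's or any vendor's code: build the Method 4 blocklist
for the ChatGPT domains named in the guide and check hostnames against it."""
import json

# Web and asset domains from the guide; subdomains are covered by suffix matching.
CHATGPT_DOMAINS = ("chatgpt.com", "chat.openai.com", "oaistatic.com", "oaiusercontent.com")
# Decided separately (step 02): blocking it also breaks products built on the OpenAI API.
API_DOMAIN = "api.openai.com"


def blocked_domains(include_api=False):
    """Domains to enforce; api.openai.com only when explicitly opted in."""
    domains = list(CHATGPT_DOMAINS)
    if include_api:
        domains.append(API_DOMAIN)
    return domains


def is_blocked(hostname, include_api=False):
    """True if hostname is a blocked domain or a subdomain of one; matching stops at label
    boundaries, so 'cdn.oaistatic.com' is caught by 'oaistatic.com' but 'notchatgpt.com' is not."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked_domains(include_api))


def unbound_local_zones(include_api=False):
    """Unbound local-zone lines answering NXDOMAIN for each domain and everything below it."""
    return [f'local-zone: "{d}." always_nxdomain' for d in blocked_domains(include_api)]


def chrome_urlblocklist(include_api=False):
    """JSON value for the Chrome/Edge URLBlocklist policy pushed by GPO or MDM; a bare host
    pattern in that policy matches the host and all of its subdomains."""
    return json.dumps(blocked_domains(include_api))


def audit_queries(query_log, include_api=False):
    """From (client, qname) pairs in a resolver log, return the queries the sinkhole would stop."""
    return [(client, qname) for client, qname in query_log if is_blocked(qname, include_api)]


if __name__ == "__main__":
    # Constructed sample queries for illustration, not real telemetry.
    sample = [("10.0.0.12", "chatgpt.com"), ("10.0.0.12", "cdn.oaistatic.com"),
              ("10.0.0.31", "api.openai.com"), ("10.0.0.31", "notchatgpt.com")]
    print("\n".join(unbound_local_zones()))
    print(audit_queries(sample))
```

Run it over an export of your resolver's query log before enforcing to see which clients and hostnames the rules would actually affect; the api.openai.com toggle shows how many third-party integrations would break along with it.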

What this misses

DNS and firewall rules only apply on networks and resolvers you control. DNS-over-HTTPS, mobile hotspots, home Wi-Fi, and personal devices all bypass them, and OpenAI ships new domains over time. Browser blocklists only hold inside the managed browser.

The honest part

Why blocking ChatGPT fails as a strategy

Every method above works on the slice of devices and networks it can see. The problem is what happens on the rest. The numbers below come from Aona's sourced shadow AI statistics library.

78%

of employees who use AI at work brought their own tools rather than using employer-provided ones. Blocking one sanctioned path does not remove the demand.

Microsoft WorkLab, 2025

52%

of employees say they would not tell their manager they used AI for a work task. Blocking pushes usage further underground, not away.

Microsoft WorkLab, 2025

158+

shadow AI tools are in active use at the average enterprise. Block ChatGPT and usage shifts to Claude, Gemini, DeepSeek, Perplexity, and the long tail.

Gartner, 2025

41%

of senior executives personally used an unsanctioned AI tool in the past 90 days. A block policy that leadership routes around is not a control.

Deloitte, 2025

67%

of CISOs report at least one security incident linked to an unsanctioned AI tool in the past 12 months, most of it in organizations that had rules on paper.

ISACA, 2025

more likely for shadow AI incidents to go undetected than traditional shadow IT incidents. Blocking removes your best telemetry: visibility into real usage.

Gartner, 2026

Blocking is a whack-a-mole game against a catalog that keeps growing. Aona tracks 5,600+ AI tools in active enterprise use, and when one is blocked, employees move to a personal device or the next tool in the list. The organizations that reduce risk are the ones that can see usage and control the data, not the ones with the longest blocklist.

All figures above are cited with primary sources on our Shadow AI Statistics 2026 page.

What to do instead

Govern ChatGPT: discover, set policy, protect data, coach

Keep a short blocklist for tools you genuinely cannot accept. For everything else, govern the usage instead of fighting it.

01

Discover what is actually in use

Build an inventory of every AI tool employees touch, including AI features embedded in approved SaaS. Aona matches endpoint and browser activity against a catalog of 5,600+ AI tools with risk scores, which is why per-tool blocklists cannot keep up.

02

Set policy per tool and per role

Sanction a default assistant, allow low-risk tools, and restrict the genuinely risky ones. Engineering, legal, and marketing do not need the same rules. A short allow-with-conditions list beats a long blocklist that ages badly.

03

Block or redact only the sensitive data

Instead of blocking the tool, stop the data that should not leave: credentials, customer records, source code, financials. Aona inspects prompts in real time and redacts sensitive content in prompts and in DOCX and Excel file uploads, with PDF redaction in development.

04

Coach in the moment

When someone pastes something risky, tell them why it is risky right there in the flow of work and point them to the approved path. In-the-moment coaching changes behavior in a way a block page never does.

FAQ

Blocking ChatGPT: common questions

Yes, reliably. On Microsoft-managed devices, tag ChatGPT as Unsanctioned in Defender for Cloud Apps and the domains are blocked at the endpoint through Defender for Endpoint network protection, whatever client makes the request. Zscaler and Netskope block it for any traffic steered through their clients, and Intune or MDM can block the desktop app install. The limits appear off the managed estate: personal phones, home machines, and unmanaged browsers.