How to block ChatGPT at work, and what to do instead
Yes, you can block ChatGPT at work. Tag it unsanctioned in Microsoft Defender for Cloud Apps, block the AI & ML category in Zscaler, set a Netskope Real-time Protection policy, or sinkhole chatgpt.com at your DNS. This guide gives the exact steps, then shows why most security teams end up governing ChatGPT instead of blocking it.

Four verified ways to block it, what each method misses, and the governance model that actually reduces risk.
Last reviewed: July 2026 · Steps verified against Microsoft, Zscaler, Netskope, and OpenAI documentation current at review time. Vendor menus change; treat paths as orientation, not screenshots.
| Method | Where it enforces | Best for | What it misses |
|---|---|---|---|
| Microsoft Defender for Cloud Apps + Entra | Devices onboarded to Defender for Endpoint | Microsoft 365 E5 / Defender shops | Unmanaged and personal devices, home networks |
| Zscaler (ZIA Cloud App Control) | Traffic steered through Zscaler | Existing ZIA deployments | Devices off Client Connector, mobile on cellular |
| Netskope (Real-time Protection) | Traffic steered through Netskope | Existing Netskope SSE deployments | Unsteered devices, brand-new AI tools |
| DNS / firewall / browser policy | Networks and resolvers you control | Any stack, fastest to deploy | DNS-over-HTTPS, hotspots, personal devices |
Block ChatGPT with Microsoft Defender for Cloud Apps and Entra
If you run Microsoft 365 with Defender for Endpoint, this is the cleanest path: one Unsanctioned tag enforces at the endpoint for browsers, the desktop app, and scripts alike.
Confirm prerequisites
You need devices onboarded to Microsoft Defender for Endpoint, network protection enabled in block mode, and the Defender for Endpoint integration switched on in Defender for Cloud Apps settings. Without these, the Unsanctioned tag is monitoring-only.
Find ChatGPT in the Cloud app catalog
In the Microsoft Defender portal, open Cloud apps, then Cloud app catalog, and filter by the Generative AI category. Microsoft maintains this category and groups over a thousand known generative AI services, including ChatGPT and OpenAI.
Tag the app as Unsanctioned
Select ChatGPT and apply the Unsanctioned tag. The app's domains sync to Defender for Endpoint as custom URL indicators, and network protection blocks them on onboarded devices whether the request comes from a browser, the desktop app, or a script.
Carve out exceptions with Entra
Keep the app unsanctioned for everyone, then use Microsoft Entra Internet Access web content filtering with Conditional Access to allow specific groups (for example, an approved pilot team) to reach it.
Block the desktop app with Intune
Use Intune app management policies to block installation of the ChatGPT desktop app on managed Windows and macOS devices, so blocking does not depend on web filtering alone.
What this misses
Enforcement only reaches devices onboarded to Defender for Endpoint. Microsoft's own deployment guidance notes users can still reach unsanctioned apps from unmanaged devices and personal networks. Personal phones, home laptops, and BYOD stay invisible.
Block ChatGPT with Zscaler
Zscaler Internet Access ships an AI & ML Applications category with per-app actions, so you can block outright, warn, isolate, or allow with upload controls.
Add a Cloud App Control rule
In the ZIA Admin Portal, go to Policy, then URL & Cloud App Control, and add a Cloud App Control rule using the AI & ML Applications category. Zscaler maintains this category and includes ChatGPT and the OpenAI platform.
Scope the rule
Select ChatGPT (and any other OpenAI apps you want covered), then scope the rule to users, groups, departments, or locations. Most teams start with a broad scope and carve out an approved pilot group.
Pick the action
Choose Block to deny access outright, Caution to show a warning page users can click through, or Isolate to run the session in Zscaler Browser Isolation. With Allow, granular controls can block uploads or restrict access to your ChatGPT Enterprise tenant.
Or block the whole URL category
Alternatively, block the AI & ML Applications URL category in URL Filtering. This is broader and catches more tools, but it also breaks any legitimate AI tool your teams already rely on.
What this misses
Zscaler only controls traffic that is steered through it. Devices without Client Connector, phones on cellular, and personal machines bypass the policy entirely. Caution pages also lose their effect once users learn to click through them.
Block ChatGPT with Netskope
Netskope covers generative AI through a maintained web category and per-app controls in Real-time Protection, including coaching templates and tenant-level instance awareness.
Create a Real-time Protection policy
In the Netskope admin console, go to Policies, then Real-time Protection, and create a new policy. Netskope also offers a dedicated AI Guardrails policy type for generative AI controls.
Set the destination
Choose the Generative AI category to cover the whole class of tools, or select the ChatGPT cloud app specifically. Netskope maintains the category and tracks hundreds of generative AI applications in its Cloud Confidence Index.
Choose Block or User Alert
Set the action to Block, or use User Alert with a coaching template that warns users and lets you point them to the approved alternative. Instance awareness can allow your corporate ChatGPT Enterprise tenant while blocking personal accounts.
Apply and order the policy
Scope the policy to users, groups, or organizational units, place it correctly in the policy order, and publish. Test with a pilot group before enforcing organization-wide.
What this misses
Same steering limitation: only traffic through the Netskope client or gateway is controlled. Category coverage also lags brand-new AI tools, so the newest app your employees found this week may not be categorized yet.
Block ChatGPT with DNS, firewall, or browser policy
No SSE platform required. Domain and category blocking at the network edge is the fastest method to deploy, and the easiest to bypass.
Block the ChatGPT web domains
At your DNS filter or firewall, block chatgpt.com and chat.openai.com, plus the asset domains the app loads from: oaistatic.com and oaiusercontent.com. Wildcard the subdomains. DNS filtering services and most NGFW content filters can do this in minutes.
Decide on api.openai.com separately
Blocking api.openai.com stops direct API access and much of the desktop app traffic, but it also breaks every third-party product your company uses that calls the OpenAI API under the hood. Inventory those integrations before you block it.
Use your firewall's AI category if it has one
Most current NGFW and DNS-filtering vendors ship a generative AI or AI services category. Category blocking catches sister tools automatically, at the cost of occasional false positives on legitimate services.
Add a managed-browser blocklist
For managed browsers, push the URLBlocklist policy for Chrome and Edge through Group Policy or MDM with the ChatGPT domains. This holds even when the device is off the corporate network, but only inside the managed browser.
What this misses
DNS and firewall rules only apply on networks and resolvers you control. DNS-over-HTTPS, mobile hotspots, home Wi-Fi, and personal devices all bypass them, and OpenAI ships new domains over time. Browser blocklists only hold inside the managed browser.
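The inventory step for api.openai.com, together with the wildcard match on the blocked web domains, as an added example that is not from the original page: it reads resolver query logs and separates clients calling the API from clients using the web app. The log line format, the sample lines, and the function names are constructed assumptions.

```python
"""Added example: inventory clients of the OpenAI domains before blocking them."""
from collections import defaultdict

# Domains named in the steps above; subdomains are treated as wildcarded.
WEB_DOMAINS = ("chatgpt.com", "chat.openai.com", "oaistatic.com", "oaiusercontent.com")
API_DOMAIN = "api.openai.com"

def matches(qname, domain):
    """True if qname is the domain or a subdomain, matched on a label boundary."""
    qname = qname.rstrip(".").lower()
    return qname == domain or qname.endswith("." + domain)

def classify(qname):
    """Return 'api', 'web', or None for a queried name."""
    if matches(qname, API_DOMAIN):
        return "api"
    if any(matches(qname, d) for d in WEB_DOMAINS):
        return "web"
    return None

def inventory(log_lines):
    """Map each class ('api' / 'web') to {client: query count}.

    Assumed line format (constructed for this example, not a vendor format):
    <timestamp> <client> <qname> <qtype>
    """
    seen = {"api": defaultdict(int), "web": defaultdict(int)}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        _, client, qname, _ = parts
        kind = classify(qname)
        if kind:
            seen[kind][client] += 1
    return {k: dict(v) for k, v in seen.items()}

# Constructed sample log lines (hosts and addresses are illustrative).
SAMPLE_LOG = """\
2026-07-01T09:00:01Z 10.0.4.17 chatgpt.com. A
2026-07-01T09:00:02Z 10.0.4.17 cdn.oaistatic.com. A
2026-07-01T09:00:05Z 10.0.9.30 api.openai.com. A
2026-07-01T09:00:06Z 10.0.9.30 api.openai.com. AAAA
2026-07-01T09:00:09Z 10.0.4.22 notchatgpt.com. A
2026-07-01T09:00:11Z 10.0.4.22 files.oaiusercontent.com. A
truncated line
""".splitlines()

if __name__ == "__main__":
    result = inventory(SAMPLE_LOG)
    print("API callers to review before blocking:", result["api"])
    print("Web app clients:", result["web"])
```

Clients that appear only under `api` are usually servers or integrations rather than people, which makes them the ones to review before api.openai.com goes on the blocklist.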
Why blocking ChatGPT fails as a strategy
Every method above works on the slice of devices and networks it can see. The problem is what happens on the rest. The numbers below come from Aona's sourced shadow AI statistics library.
of employees who use AI at work brought their own tools rather than using employer-provided ones. Blocking one sanctioned path does not remove the demand.
Microsoft WorkLab, 2025
of employees say they would not tell their manager they used AI for a work task. Blocking pushes usage further underground, not away.
Microsoft WorkLab, 2025
shadow AI tools are in active use at the average enterprise. Block ChatGPT and usage shifts to Claude, Gemini, DeepSeek, Perplexity, and the long tail.
Gartner, 2025
of senior executives personally used an unsanctioned AI tool in the past 90 days. A block policy that leadership routes around is not a control.
Deloitte, 2025
of CISOs report at least one security incident linked to an unsanctioned AI tool in the past 12 months, most of it in organizations that had rules on paper.
ISACA, 2025
more likely for shadow AI incidents to go undetected than traditional shadow IT incidents. Blocking removes your best telemetry: visibility into real usage.
Gartner, 2026
Blocking is a whack-a-mole game against a catalog that keeps growing. Aona tracks 5,600+ AI tools in active enterprise use, and when one is blocked, employees move to a personal device or the next tool in the list. The organizations that reduce risk are the ones that can see usage and control the data, not the ones with the longest blocklist.
All figures above are cited with primary sources on our Shadow AI Statistics 2026 page.
Govern ChatGPT: discover, set policy, protect data, coach
Keep a short blocklist for tools you genuinely cannot accept. For everything else, govern the usage instead of fighting it.
Discover what is actually in use
Build an inventory of every AI tool employees touch, including AI features embedded in approved SaaS. Aona matches endpoint and browser activity against a catalog of 5,600+ AI tools with risk scores, which is why per-tool blocklists cannot keep up.
Set policy per tool and per role
Sanction a default assistant, allow low-risk tools, and restrict the genuinely risky ones. Engineering, legal, and marketing do not need the same rules. A short allow-with-conditions list beats a long blocklist that ages badly.
Block or redact only the sensitive data
Instead of blocking the tool, stop the data that should not leave: credentials, customer records, source code, financials. Aona inspects prompts in real time and redacts sensitive content in prompts and in DOCX and Excel file uploads, with PDF redaction in development.
Coach in the moment
When someone pastes something risky, tell them why it is risky right there in the flow of work and point them to the approved path. In-the-moment coaching changes behavior in a way a block page never does.
See every AI tool your employees use, in 48 hours
Aona discovers shadow AI across 5,600+ cataloged tools, enforces data-level policy on prompts and file uploads, and coaches employees in the moment. Start self-serve, no sales call required.