How to Stop People Using ChatGPT with OneDrive for Business Files
Block ChatGPT Access to OneDrive Files
ChatGPT allows people to connect their personal and work OneDrive accounts. Connecting to OneDrive doesn’t mean that ChatGPT can reason over OneDrive files in the same way that Microsoft 365 Copilot can when it generates responses. However, it does mean that users can upload files from OneDrive to interact with their content through ChatGPT. Figure 1 shows ChatGPT summarizing the content of a file uploaded from OneDrive for Business.

Of course, people shouldn’t store very confidential and sensitive information in OneDrive for Business accounts, but they do. And the temptation to use ChatGPT is obvious when the price of a Microsoft 365 Copilot license is high, so what can organizations do to stop this behavior?
ChatGPT Cannot Access Protected Files
One way to block ChatGPT access to OneDrive for Business is to encrypt the files with sensitivity labels. ChatGPT cannot process these files even after the owner of the file uploads them to ChatGPT. Sensitivity label encryption is based on rights management, and ChatGPT cannot authenticate with the rights management service to obtain the use license necessary to access files protected with sensitivity labels. That’s a pretty effective way to stop ChatGPT opening the file to copy its contents into memory to reason over the data. Microsoft 365 Copilot Chat faces much the same barrier if the sensitivity label assigned to a file doesn’t grant the EXTRACT usage right to the signed-in user (the new DLP policy for Microsoft 365 Copilot also uses sensitivity labels but blocks access in a different way).
Block Consent for Users
Not every Microsoft 365 tenant uses sensitivity labels, and even users in tenants that do don’t always protect files the way that they should. A more fundamental way to block ChatGPT access to OneDrive is to prevent users from being able to grant consent for apps (Figure 2). Make sure to select the “do not allow user consent” setting or allow consent for “low impact” apps.

If users can grant consent, the first user who attempts to connect their OneDrive for Business account to ChatGPT will create an enterprise app in Entra ID for ChatGPT with permissions to read user data (Figure 3).

This isn’t an abnormal situation because many app publishers (including Microsoft) create enterprise apps in customer tenants in the same way. However, it’s better to have administrative oversight over requests to create new enterprise apps. When created, the ChatGPT app will have a service principal to hold its permissions. The same application identifier (e0476654-c1d5-430b-ab80-70cbd947616a) is used in all tenants.
$ChatGPTApp = Get-MgServicePrincipal -Filter "displayName eq 'ChatGPT'"
$ChatGPTApp

DisplayName Id                                   AppId                                SignInAudience                     ServicePrincipalType
----------- --                                   -----                                --------------                     --------------------
ChatGPT     db277364-71ae-4fa4-9b02-370699b75a0a e0476654-c1d5-430b-ab80-70cbd947616a AzureADandPersonalMicrosoftAccount Application

App consent events are captured in the audit log and can be checked there.
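The following PowerShell is an added example, not code from the original article. It reviews the consent state described above without changing anything: the delegated grants held by the ChatGPT service principal, the matching consent events in the audit log, and the tenant's user consent setting. The Graph scopes requested and the assumption that a consent event's target resource is the service principal are mine; the application identifier is the one quoted in the article.

```powershell
# Added example (not from the article): read-only review of ChatGPT consent in a tenant.
# The scopes below are an assumption about what the signed-in admin may request.
Connect-MgGraph -Scopes "Application.Read.All","Directory.Read.All","Policy.Read.All","AuditLog.Read.All"

# Application identifier quoted in the article; the same value is used in all tenants.
$AppId = "e0476654-c1d5-430b-ab80-70cbd947616a"
$Sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"

if ($Sp) {
    # Delegated permission grants: who consented and to which scopes.
    [array]$Grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($Sp.Id)'" -All
    $Report = foreach ($Grant in $Grants) {
        $Who = "All users (admin consent)"
        if ($Grant.ConsentType -eq "Principal") {
            $Who = (Get-MgUser -UserId $Grant.PrincipalId).UserPrincipalName
        }
        [PSCustomObject]@{
            ConsentedFor = $Who
            ConsentType  = $Grant.ConsentType
            Scopes       = "$($Grant.Scope)".Trim()
        }
    }
    $Report | Format-Table -AutoSize

    # Consent events in the Entra ID audit log whose target is this service principal
    # (assumption: the event's target resource id is the service principal's object id).
    [array]$Events = Get-MgAuditLogDirectoryAudit -Filter "activityDisplayName eq 'Consent to application'" -All |
        Where-Object { $_.TargetResources.Id -contains $Sp.Id }
    $Events | Select-Object ActivityDateTime, Result,
        @{ Name = "Actor"; Expression = { $_.InitiatedBy.User.UserPrincipalName } } |
        Format-Table -AutoSize
} else {
    Write-Host "No ChatGPT service principal exists in this tenant."
}

# User consent setting: policies named ManagePermissionGrantsForSelf.* control what users can consent to.
$Policy = Get-MgPolicyAuthorizationPolicy
[array]$SelfConsent = $Policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned |
    Where-Object { $_ -like "ManagePermissionGrantsForSelf.*" }
if ($SelfConsent.Count -eq 0) {
    Write-Host "User consent is disabled."
} else {
    Write-Host "User consent is allowed by: $($SelfConsent -join ', ')"
}
```

A grant with ConsentType "Principal" was given by an individual user for their own data, while "AllPrincipals" indicates admin consent on behalf of the whole tenant.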
Track What’s Happening
If the ChatGPT app exists in a tenant, it’s easy to check if anyone is using it by looking for sign-in events in the Entra ID log. Here’s some PowerShell to check the sign-in logs for anyone using the ChatGPT application:
[array]$Logs = Get-MgAuditLogSignIn -Filter "AppDisplayName eq 'ChatGPT'" -All
$Logs | Group-Object UserDisplayName | Sort-Object Count -Descending | Format-Table Name, Count

Name                Count
----                -----
Kim Akers (She/Her)     5
René Artois             4

A more precise version checks for successful sign-ins using the ChatGPT application:
[array]$Logs = Get-MgAuditLogSignIn -Filter "AppDisplayName eq 'ChatGPT' and status/errorCode eq 0" -All
Remove the ChatGPT App
If the ChatGPT app is in use, the easiest way to block ChatGPT access to OneDrive for Business is to remove the service principal for its app:
Remove-MgServicePrincipal -ServicePrincipalId $ChatGPTApp.id
Access won’t terminate immediately because ChatGPT sessions might have obtained access tokens that are still valid, but once those tokens expire (within an hour), ChatGPT won’t be able to authenticate with Entra ID because the enterprise app is no longer present in the tenant. Anyone wanting to use ChatGPT to access OneDrive for Business files after that point will need to seek consent to use the app again. And by now, you’ll have blocked that route!