Credit: Dan DeLong/Microsoft
What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy?
Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue?
And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?
From word processing documents to the upcoming Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms.
Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online.
Confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. There are already examples online of what concepts we should be including in our policies.
Evaluate any and all AI tools introduced into your network
First and foremost, evaluate the security of any new AI software or tool that is introduced into a network.
The software should be evaluated for its overall fitness for use, it shouldn’t crash, and it shouldn’t throw off error messages while the software is in operation. The vendor should include a privacy policy as well as terms of service.
It’s also important to review how the vendor indicates that it will be handling updates, security and bug reports, and any other improvements to the platform.
Identify whether the vendor will identify controls in the software to either allow users to use the AI integration or limit it. Review if they have any ability to flag where AI is being used in their platform. Review if they are pushing for the ethical use of AI and are providing you with appropriate feedback channels.
A policy around AI should be clear that no confidential client information should ever be uploaded to the AI interface. Clear instructions in a policy should indicate what is allowed to be entered into the software.
Employees should not share access to anyone not authorised to use the tools and each employee who will be using AI tools should be required to review and sign the policy. Consider the use of employee training to ensure that these policies are followed.
Windows will include clear insight into policy controls
In addition, you may want to review those applications that will include AI and what controls or limitations the vendors enable you to link or tie into.
In the case of Microsoft Windows, that vendor is already exposing group policy controls to limit such already available connections into such applications as the Edge browser and the Bing search engine.
But more is coming. At the recent Microsoft Build conference, Microsoft showcased how they will be bringing AI into the operating system to make it easier for users to find the features and settings they want.
Once again, enterprises may want to evaluate the implications of this technology before they start to fully roll out these platforms.
You can start with the basics such as blocking the request to change the default browser to Edge and the default search engine to Bing. This setting as noted in Edge policies can be set via group policy or Intune. Additional settings include blocking the Bing Chat AI from the Windows 11 search.
To disable Bing Chat AI from the Search field on the taskbar, press the Windows key and open Settings, or use the Windows key + I shortcut to open it directly.
Now click Privacy Security from the left panel scroll down to the Windows permissions section and click on Search permissions from the list. Scroll down to the More settings section and toggle off the Show search highlights option. The Bing Chat AI icon will no longer appear in the search field.
Next, you can remove the Bing AI button from Edge settings. Open Settings in Edge. Select the Sidebar option from the left column. Under the app-specific settings section, click Discover. Now toggle the Show Discover setting off, and the button will disappear.
Future Windows releases will also require diligence
You’ll have to be just as diligent about upcoming Windows 11 releases. As noted at Microsoft Build, AI is now coming to your desktop. Windows Copilot will start to become available in the preview for Windows 11 in June.
In addition, Microsoft is planning to bring AI into Bing chat plugins to Windows which will allow developers to integrate apps within Copilot to “increase engagement on native Windows applications”. I anticipate that Microsoft will expose group policy and Intune settings in order to limit or restrict its use.
At the current time, you can limit Bing Chat using the group policy. There is a new group policy setting to disable the chat icon, and this setting was added with Windows 11 21H2 administrative templates.
You must download the ADMX Templates for Windows 11 October 2021 Update [21H2] from the Official Microsoft Download Center. You’ll want to copy the files from C:\Windows\PolicyDefinitions on a Windows 11 computer to your central policy store. The Configure Chat Icon GPO setting is part of TaskBar.admx and TaskBar.adml.
Changing policy settings for Windows AI components
In the Group Policy Management console, expand your domain and navigate to Group Policy Objects. Create a new Group Policy Object and make a new GPO.
In the Group Policy Management Editor, navigate to Computer Configuration\Administrative Templates\Windows Component\Chat. Find “Configures the Chat icon on the taskbar”. Right-click this policy setting and select Edit. From here you can set the policy as follows:
- Show: If you enable this policy setting and set it to show, the chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings.
- Hide: If you enable this policy setting and set it to hide, the chat icon will be hidden by default. Users can show or hide it in Settings.
- Disabled: If you enable this policy setting and set it to Disabled, the Chat icon will not be displayed, and users cannot show or hide it in Settings.
For the policy “Configures the chat icon on the taskbar GPO,” select Enabled to enable this setting, click Apply and OK. Once again you can choose to Show, Hide or Disable the icon.
The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.
