How to Configure Microsoft 365 Business Premium to Block AI Browsers: A Complete Guide to Stopping Comet and Other Agentic Browsers

Executive Summary

In December 2025, Gartner issued an urgent advisory recommending that organizations “block all AI browsers for the foreseeable future” due to critical cybersecurity risks. AI browsers like Perplexity’s Comet and OpenAI’s ChatGPT Atlas introduce threats including irreversible data loss, prompt injection vulnerabilities, and unauthorized credential access. With 27.7% of organizations already having at least one user with an AI browser installed, the time to act is now. [computerworld.com]

This comprehensive guide provides step-by-step instructions for configuring Microsoft 365 Business Premium (M365 BP), specifically Microsoft Defender for Cloud Apps, to detect, monitor, and block AI-enabled browsers like Comet from accessing your enterprise resources.


Understanding the AI Browser Threat Landscape

Why AI Browsers Are Dangerous

According to Gartner analysts, “The real issue is that the loss of sensitive data to AI services can be irreversible and untraceable. Organizations may never recover lost data.” [computerworld.com]

Key Security Concerns:

  1. Autonomous Actions Without Oversight – AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated, creating accountability concerns for erroneous or malicious actions [computerworld.com]
  2. Traditional Controls Are Inadequate – “Traditional controls are inadequate for the new risks introduced by AI browsers, and solutions are only beginning to emerge,” according to Gartner’s senior director analyst Evgeny Mirolyubov [computerworld.com]
  3. Multi-Modal Communication Gaps – A major gap exists in inspecting multi-modal communications with browsers, including voice commands to AI browsers [computerworld.com]
  4. Immature Security Posture – Discovered vulnerabilities highlight broader concerns about the maturity of AI browser technology, with solutions likely taking “a matter of years rather than months” to mature [computerworld.com]

Prerequisites and Licensing Requirements

Required Licenses

To implement comprehensive AI browser blocking, you need: [wolkenman….dpress.com]

License Option | What’s Included
Microsoft 365 Business Premium + E5 Security Add-on | Defender for Cloud Apps + Defender for Endpoint
Microsoft 365 E5 / A5 / G5 | Full suite including Conditional Access App Control
Enterprise Mobility + Security E5 | Defender for Cloud Apps + Defender for Endpoint
Microsoft 365 F5 Security & Compliance | All required components
Microsoft 365 Business Premium + Defender for Cloud Apps Add-on | Minimum required configuration

Technical Prerequisites

Before implementing blocking policies, ensure: [learn.microsoft.com], [learn.microsoft.com]

  • Microsoft Defender for Cloud Apps license (standalone or bundled)
  • Microsoft Entra ID P1 license (standalone or bundled)
  • Microsoft Defender for Endpoint deployed and configured
  • Cloud Protection enabled in Defender for Endpoint [learn.microsoft.com]
  • Network Protection enabled in Defender for Endpoint [learn.microsoft.com]
  • Admin permissions – Global Administrator or Security Administrator role
  • Microsoft Defender Browser Protection extension installed on non-Edge browsers [learn.microsoft.com]

Multi-Layered Defense Strategy

Blocking AI browsers requires a comprehensive, defense-in-depth approach using multiple Microsoft 365 security layers:


Configuration Guide: Step-by-Step Implementation

Phase 1: Enable Cloud Discovery for AI Applications

Objective: Gain visibility into which AI browsers and applications are being used in your organization.

Step 1.1: Access Cloud Discovery Dashboard

  1. Navigate to Microsoft Defender Portal (https://security.microsoft.com)
  2. Go to Cloud Apps → Cloud Discovery → Dashboard
  3. Set the time range to Last 90 days for comprehensive analysis [wolkenman….dpress.com]

Step 1.2: Filter for Generative AI Applications

  1. In the Cloud Discovery dashboard, click Category filter
  2. Select “Generative AI” from the category list [wolkenman….dpress.com]
  3. Review discovered AI applications with their risk scores
  4. Note applications with High Risk status (red indicators) [wolkenman….dpress.com]

Step 1.3: Identify AI Model Providers and MCP Servers

Beyond browsers, also identify: [wolkenman….dpress.com]

  • AI – Model Providers (Azure OpenAI API, Google Gemini API, Anthropic Claude API)
  • AI – MCP Servers (Model Context Protocol servers)

Navigate to: Cloud Apps → Cloud App Catalog → Filter by “AI – Model Providers” and “AI – MCP Servers”


Phase 2: Configure Defender for Endpoint Integration

Objective: Enable automatic blocking of unsanctioned apps through network-level enforcement.

Step 2.1: Enable Enforce App Access

  1. In Microsoft Defender Portal, navigate to:
  2. Toggle “Automatically block unsanctioned apps” to ON
  3. This creates automatic indicators in Defender for Endpoint when apps are marked as unsanctioned [wolkenman….dpress.com]

Step 2.2: Verify Network Protection Status

Ensure Network Protection is enabled for all browsers: [wolkenman….dpress.com]

  1. Navigate to Settings → Endpoints → Configuration Management
  2. Go to Enforcement Scope → Network Protection
  3. Verify status is set to “Block mode” (not just Audit mode)
  4. Apply to All devices or specific device groups

Why This Matters: Network Protection ensures that blocks work across all browsers (Chrome, Firefox, etc.), not just Microsoft Edge. [wolkenman….dpress.com]


Phase 3: Unsanction and Block Comet Browser

Objective: Mark Comet and other AI browsers as unsanctioned to trigger automatic blocking.

Step 3.1: Search for Comet in Cloud App Catalog

  1. Go to Cloud Apps → Cloud App Catalog
  2. Use the search function to find “Comet” or “Perplexity”
  3. Click on the application to review its risk assessment

Note: If Comet hasn’t been discovered yet in your environment, you can still add custom URLs for blocking (see Phase 6).

Step 3.2: Unsanction the Application

  1. Click the three dots (⋮) at the end of the application row
  2. Select “Unsanctioned” [learn.microsoft.com]
  3. A confirmation dialog will appear indicating the app will be blocked by Defender for Endpoint [wolkenman….dpress.com]
  4. Click Confirm

Step 3.3: Verify Indicator Creation

  1. Navigate to Settings → Endpoints → Indicators → URLs/Domains [wolkenman….dpress.com]
  2. Confirm that domains associated with Comet appear with action “Block execution”
  3. Processing may take 5-15 minutes

Example domains that may be blocked:

  • *.perplexity.ai
  • comet.perplexity.ai
  • Related CDN and API endpoints

Phase 4: Create Conditional Access Policies

Objective: Route traffic through Defender for Cloud Apps proxy for deep inspection and control.

Step 4.1: Create Base Conditional Access Policy

  1. Sign in to Microsoft Entra Admin Center (https://entra.microsoft.com)
  2. Navigate to Protection → Conditional Access → Policies
  3. Click + New policy [learn.microsoft.com]

Step 4.2: Configure Policy Settings

Policy Name: Block AI Browsers via Session Control

Assignments: [learn.microsoft.com]

Setting | Configuration
Users | Select All users (exclude break-glass accounts)
Target Resources | Select Office 365, SharePoint Online, Exchange Online
Conditions | Optional: Add device platform, location filters

Access Controls: [learn.microsoft.com]

  • Under Session → Select “Use Conditional Access App Control”
  • Choose “Use custom policy”
  • Click Select

Enable Policy: Set to Report-only initially for testing [learn.microsoft.com]

Step 4.3: Save and Validate

  1. Click Create
  2. Wait 5-10 minutes for policy propagation
  3. Test with a pilot user account

Critical Note: Ensure the “Microsoft Defender for Cloud Apps – Session Controls” application is NOT blocked by other Conditional Access policies, or session controls will fail. [learn.microsoft.com]


Phase 5: Create Session Policies to Block AI Browser User Agents

Objective: Create real-time session policies that identify and block AI browsers based on user-agent strings and behavioral patterns.

Step 5.1: Create Access Policy for User-Agent Blocking

This is one of the most effective methods to block specific browsers like Comet. [securityhq.com]

  1. In Microsoft Defender Portal, navigate to:
  2. Click Create policy → Access policy [learn.microsoft.com]

Step 5.2: Configure Access Policy Details

Basic Information: [learn.microsoft.com]

Field | Value
Policy Name | Block AI Browsers - Comet and Similar Agents
Policy Severity | High
Category | Access control
Description | Blocks access attempts from AI-enabled browsers including Comet, Atlas, and other agentic browsers based on user-agent detection

Step 5.3: Set Activity Filters

Activities matching all of the following: [learn.microsoft.com]

  1. App: Select applications to protect
    • Office 365
    • Exchange Online
    • SharePoint Online
    • Microsoft Teams
    • OneDrive for Business
  2. Client app: Select Browser [learn.microsoft.com]
  3. User agent tag:
    • Contains “Comet”
    • Or create custom user-agent filter (see Step 5.4)
  4. Device type: (Optional) Apply to specific device types

Step 5.4: Create Custom User-Agent String Filters

While Defender for Cloud Apps doesn’t expose direct user-agent string matching in the UI by default, you can leverage activity filters: [securityhq.com]

Known AI Browser User-Agent Patterns to Block:

User-Agent patterns (Create separate policies or use contains logic):
- Contains "Comet"
- Contains "Perplexity"
- Contains "axios" (common in automated tools)
- Contains "ChatGPT" (for Atlas browser)
- Contains "AI-Browser"
- Contains "agentic"

Advanced Method – Using Session Policy with Inspection:

  1. Create a Session Policy instead of Access Policy
  2. Set Session control type to “Block activities” [learn.microsoft.com]
  3. Under Activity type, select relevant activities
  4. In Inspection method, configure content inspection rules

Step 5.5: Set Actions

Actions:

  • Select “Block”
  • Enable “Notify users” with custom message:
Access Denied: AI-Enabled Browser Detected

Your organization's security policy prohibits the use of AI-enabled browsers 
(such as Comet, Atlas, or similar tools) to access corporate resources due to 
data security and compliance requirements.

Please use Microsoft Edge, Chrome, or Firefox to access this resource.

If you believe this is an error, contact your IT helpdesk.

Step 5.6: Enable Governance Actions

  • Select “Send email to user”
  • Select “Alert severity” as High
  • Enable “Create an alert for each matching event”

Step 5.7: Activate the Policy

  1. Review all settings
  2. Click Create
  3. Policy becomes active immediately
  4. Monitor via Activity Log for matches

Phase 6: Block Comet Domains via Custom Indicators

Objective: Manually add Comet-related domains to Defender for Endpoint indicators for network-level blocking.

Step 6.1: Identify Comet-Related Domains

Based on Perplexity’s infrastructure, key domains include: [computerworld.com]

Primary Domains:
- perplexity.ai
- www.perplexity.ai
- comet.perplexity.ai
- api.perplexity.ai

CDN and Supporting Infrastructure:
- *.perplexity.ai (wildcard)
- assets.perplexity.ai
- cdn.perplexity.ai

Step 6.2: Create URL/Domain Indicators

  1. Navigate to Settings → Endpoints → Indicators → URLs/Domains
  2. Click + Add item

For each domain, configure:

Field | Value
Indicator | perplexity.ai
Action | Block
Scope | All device groups (or specific groups)
Title | Block Perplexity Comet Browser
Description | Blocks access to Perplexity Comet AI browser per organizational security policy
Severity | High
Generate alert | Yes

  3. Click Save
  4. Repeat for all identified domains
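
The repeat-per-domain step can be scripted against the Defender for Endpoint indicators API instead of the portal. This is an added example, not part of the original guide: the environment variable MDE_TOKEN is a hypothetical name for an access token that has indicator write permission, and the wildcard row from Step 6.1 is left out for manual handling. With no token set, the script only prints the request bodies so they can be reviewed first.

```powershell
# Added example, not the guide's own code.
# Domains and field values are the ones listed in Steps 6.1 and 6.2.
$domains = @(
    'perplexity.ai', 'www.perplexity.ai', 'comet.perplexity.ai',
    'api.perplexity.ai', 'assets.perplexity.ai', 'cdn.perplexity.ai'
)

function New-IndicatorBody {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # 'Warn' corresponds to the warn-before-block rollout, 'Block' to enforcement.
        [ValidateSet('Warn', 'Block')][string]$Action = 'Block'
    )
    [ordered]@{
        indicatorValue = $Domain
        indicatorType  = 'DomainName'
        action         = $Action
        title          = 'Block Perplexity Comet Browser'
        description    = 'Blocks access to Perplexity Comet AI browser per organizational security policy'
        severity       = 'High'
        generateAlert  = $true
    }
}

$uri   = 'https://api.securitycenter.microsoft.com/api/indicators'
$token = $env:MDE_TOKEN   # hypothetical variable name; leave unset for a dry run

foreach ($domain in $domains) {
    $json = ConvertTo-Json -InputObject (New-IndicatorBody -Domain $domain -Action 'Block')

    if (-not $token) {
        # Dry run: show exactly what would be submitted.
        Write-Output $json
        continue
    }

    try {
        $created = Invoke-RestMethod -Method Post -Uri $uri -Body $json `
            -ContentType 'application/json' `
            -Headers @{ Authorization = "Bearer $token" }
        Write-Output ("created  {0}  id={1}" -f $domain, $created.id)
    }
    catch {
        # Report the failure and keep going so one rejected entry does not stop the batch.
        Write-Warning ("failed   {0}  {1}" -f $domain, $_.Exception.Message)
    }
}
```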

Step 6.3: Test Domain Blocking

  1. From a test device with Defender for Endpoint installed
  2. Navigate to https://www.perplexity.ai in any browser
  3. You should see: [wolkenman….dpress.com]
This site has been blocked by your organization
Microsoft Defender SmartScreen blocked this unsafe site

This web page was blocked by Microsoft Defender Application Control
perplexity.ai has been blocked by your IT administrator


Phase 7: Create Cloud Discovery Policies for Alerting

Objective: Set up automated alerts when AI browsers are detected in your environment.

Step 7.1: Create App Discovery Policy

  1. Navigate to Cloud Apps → Policies → Policy Management
  2. Click Create policy → App discovery policy [learn.microsoft.com]

Step 7.2: Configure Discovery Policy

Policy Template: Use “New risky app” template or create custom [learn.microsoft.com]

Field | Configuration
Policy Name | Alert on New AI Browser Detection
Category | Cloud discovery
Risk score | High and Medium
App category | Select “Generative AI”
Traffic volume | Greater than 10 MB (adjust as needed)

Filters:

  • App category equals Generative AI
  • Risk score less than or equal to 6 (out of 10)
  • App tag equals Unsanctioned

Governance Actions:

  • Send email to security team
  • Create alert with High severity

Testing and Validation

Validation Checklist

Monitoring and Reporting

Activity Log Monitoring:

  1. Cloud Apps → Activity Log
  2. Filter by:
    • Policy: Select your AI browser blocking policies
    • Action taken: Block
    • Date range: Last 7 days

Defender for Endpoint Alerts:

  1. Incidents & Alerts → Alerts
  2. Filter by:
    • Category: Custom indicator block
    • Title: Contains “Perplexity” or “Comet”

Advanced Configuration Options

Option 1: Device Compliance Requirements

Combine AI browser blocking with device compliance:

  1. In Conditional Access policy, add Conditions → Device platforms
  2. Require devices to be Compliant or Hybrid Azure AD Joined
  3. Use Intune compliance policies to check for:
    • Comet browser installation (custom script detection)
    • Other AI browser installations

Option 2: Warn and Educate Mode

Before full blocking, consider “Warn and Educate” mode: [learn.microsoft.com]

  1. Set indicators to “Warn” instead of “Block”
  2. Users see warning message but can proceed (with logging)
  3. Collect usage data for 2-4 weeks
  4. Transition to Block mode after user education

Option 3: Scoped Blocking by Device Groups

Target specific departments first:

  1. In Defender for Endpoint, create device groups:
    • Finance Team
    • Executive Leadership
    • High-Risk Departments
  2. Apply indicators only to these groups initially
  3. Expand gradually after validation

Option 4: DLP Integration for Data Leaving via AI Browsers

Even with blocks, ensure data leakage prevention:

  1. Create Microsoft Purview DLP policies
  2. Target “All locations” including endpoints
  3. Configure rules to detect sensitive data:
    • Credit card numbers
    • Social Security numbers
    • Confidential project names
  4. Block upload/sharing of sensitive content

Identifying Comet Browser Technical Indicators

User-Agent String Analysis

While official Comet user-agent strings aren’t publicly documented by Perplexity, AI browsers typically exhibit these patterns:

Common AI Browser User-Agent Characteristics:

Mozilla/5.0 (Platform) ... Comet/[version]
Mozilla/5.0 (Platform) ... Perplexity/[version]
Chromium-based with custom identifiers
May contain "AI", "Agent", "Agentic" in UA string

Detection Strategy:

  1. Review Activity Log in Defender for Cloud Apps
  2. Filter for unknown/suspicious user agents
  3. Export activity data with user-agent strings
  4. Analyze patterns using PowerShell or Excel
  5. Update policies based on findings
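
Steps 3 and 4 of this strategy can be run as a short PowerShell pass over the exported activity data before any user-agent policy is switched to Block. This is an added example, not part of the original guide: the column names and every row are constructed, and the Comet and Perplexity strings follow the placeholder forms above rather than documented product user agents. It checks the "contains" keywords from Step 5.4 and separates whole-token hits from substring-only hits, which are the false-positive candidates described under Issue 3.

```powershell
# Added example. Constructed export; map the column names to your own file's headers.
$export = @'
Date,User,App,UserAgent
2025-12-10T09:14:02Z,alice@contoso.example,SharePoint Online,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0"
2025-12-10T09:20:41Z,bob@contoso.example,Exchange Online,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Comet/1.2.3"
2025-12-10T09:21:07Z,bob@contoso.example,SharePoint Online,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Comet/1.2.3"
2025-12-10T10:02:55Z,svc-reports@contoso.example,SharePoint Online,"axios/1.6.8"
2025-12-10T11:37:19Z,carol@contoso.example,Microsoft Teams,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 AcmeCometSync/3.1"
2025-12-10T12:05:33Z,dave@contoso.example,OneDrive for Business,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Perplexity/0.9"
'@ | ConvertFrom-Csv

# Keywords from Step 5.4 of this guide.
$keywords = 'Comet', 'Perplexity', 'axios', 'ChatGPT', 'AI-Browser', 'agentic'

function Find-UserAgentKeyword {
    param([string]$UserAgent, [string[]]$Keywords)
    foreach ($k in $Keywords) {
        $esc = [regex]::Escape($k)
        # -match is case-insensitive, like a "contains" filter.
        if ($UserAgent -match $esc) {
            # Whole-token test: the keyword must not be glued to other letters or digits,
            # so "Comet/1.2.3" qualifies and "AcmeCometSync/3.1" does not.
            $isToken = $UserAgent -match "(?<![A-Za-z0-9])$esc(?![A-Za-z0-9])"
            [pscustomobject]@{ Keyword = $k; IsToken = $isToken }
        }
    }
}

$results = foreach ($row in $export) {
    foreach ($hit in Find-UserAgentKeyword -UserAgent $row.UserAgent -Keywords $keywords) {
        [pscustomobject]@{
            Date      = $row.Date
            User      = $row.User
            App       = $row.App
            Keyword   = $hit.Keyword
            Verdict   = if ($hit.IsToken) { 'match' } else { 'substring-only (review)' }
            UserAgent = $row.UserAgent
        }
    }
}

# Every hit, oldest first: substring-only rows would be blocked by a plain "contains" rule.
$results | Sort-Object Date | Format-Table Date, User, App, Keyword, Verdict -AutoSize

# Who would be affected by each keyword, counting whole-token matches only.
$results | Where-Object Verdict -eq 'match' |
    Group-Object Keyword, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

In this constructed data the axios row belongs to a service account, so the summary also shows which automation would stop working if that keyword were enforced as written.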

Network Traffic Patterns

Comet communicates with Perplexity cloud infrastructure: [computerworld.com]

  • High-frequency API calls to api.perplexity.ai
  • WebSocket connections for real-time AI responses
  • Upload of page content and browsing context
  • Telemetry to Perplexity servers

Monitor via Defender for Cloud Apps:

  • Cloud Apps → Activity Log
  • Filter by IP address ranges (if known)
  • Look for unusual upload patterns

Troubleshooting Common Issues

Issue 1: Blocks Not Working in Chrome/Firefox

Symptom: Comet/Perplexity sites accessible in non-Edge browsers

Solution: [wolkenman….dpress.com]

  1. Verify Network Protection is enabled in Defender for Endpoint
  2. Check Settings → Endpoints → Configuration Management
  3. Ensure status is “Block” not “Audit”
  4. Restart browser and test again

Issue 2: Conditional Access Policy Not Triggering

Symptom: Users can access M365 apps without session controls

Solution:

  1. Verify Conditional Access policy is in “On” mode (not Report-only) [learn.microsoft.com]
  2. Check that “Microsoft Defender for Cloud Apps – Session Controls” app is not blocked
  3. Ensure apps are listed as “Monitored” in Conditional Access App Control [securityhq.com]
  4. Clear browser cache and test in incognito mode

Issue 3: Legitimate Traffic Being Blocked

Symptom: False positives blocking valid user activity

Solution:

  1. Review Activity Log for specific blocked events
  2. Refine user-agent filters to be more specific
  3. Create exception policies for legitimate tools
  4. Use “Exclude” filters in policies for specific users/groups

Issue 4: Indicators Not Appearing in Defender for Endpoint

Symptom: Unsanctioned apps don’t create indicators

Solution:

  1. Verify “Enforce App Access” is enabled [wolkenman….dpress.com]
  2. Check that Defender for Endpoint integration is active
  3. Wait 15-30 minutes for synchronization
  4. Manually create indicators if automatic creation fails

Best Practices and Recommendations

Strategic Recommendations

  1. Phased Rollout Approach
    • Week 1-2: Report-only mode, gather usage data
    • Week 3-4: Warn mode for user education
    • Week 5+: Full block mode enforcement
  2. User Communication Strategy [computerworld.com]
    • Send organization-wide email explaining policy
    • Provide approved alternatives
    • Create FAQ document
    • Offer training on secure browsing practices
  3. Continuous Monitoring
    • Review Cloud Discovery weekly for new AI apps
    • Monitor activity logs daily for policy violations
    • Track emerging AI browser releases
    • Update indicators quarterly
  4. Exception Process
    • Create formal request process for exceptions
    • Require executive approval for high-risk apps
    • Document business justification
    • Apply additional controls for approved exceptions (DLP, session monitoring)
  5. Defense in Depth [wolkenman….dpress.com]
    • Don’t rely solely on browser blocking
    • Implement data loss prevention (DLP)
    • Use endpoint detection and response (EDR)
    • Enable Microsoft Purview for data governance
    • Deploy insider risk management

Policy Comparison Table

Method | Scope | Effectiveness | User Experience | Management Overhead
Cloud Discovery + Unsanctioning | Network-wide | ⭐⭐⭐⭐⭐ | Transparent (blocked before access) | Low (automated)
Session Policies | M365 Apps only | ⭐⭐⭐⭐ | May show warning messages | Medium (requires tuning)
Access Policies | M365 Apps only | ⭐⭐⭐⭐⭐ | Blocks before session starts | Medium
Manual Indicators | All network traffic | ⭐⭐⭐⭐ | Transparent | High (manual updates)
Conditional Access | Cloud apps only | ⭐⭐⭐⭐ | May require re-authentication | Low

Recommended Combination: Use Cloud Discovery + Unsanctioning AND Access Policies for comprehensive coverage.


Staying Current: Monitoring New AI Browsers

AI browsers are rapidly evolving. Stay ahead of threats:

Monthly Review Checklist

Cloud App Catalog Updates

  • Review newly discovered apps in Generative AI category
  • Check for new AI Model Providers
  • Assess risk scores of emerging tools

Threat Intelligence

  • Monitor Gartner reports on AI browser security [gartner.com]
  • Follow Microsoft Security Blog
  • Subscribe to CISA alerts
  • Track CVE databases for AI browser vulnerabilities

Policy Effectiveness

  • Review blocked connection attempts
  • Analyze bypass attempts
  • Update user-agent filters
  • Refine domain lists

Emerging AI Browsers to Monitor

Beyond Comet and Atlas, watch for:

  • Brave Leo Browser (AI-enhanced features)
  • Opera One (integrated AI)
  • Arc Browser (with AI capabilities)
  • SigmaOS (AI-powered browsing)
  • Browser Company products

Compliance and Documentation

Required Documentation

Maintain these records for audit purposes:

  1. Policy Documentation
    • Policy names, purposes, and justifications
    • Configuration settings and filters
    • Approval chains and stakeholder sign-offs
  2. Change Log
    • Policy modifications
    • Domain additions/removals
    • Exception approvals
  3. Incident Reports
    • Blocked access attempts
    • Policy violations
    • User complaints and resolutions
  4. Risk Assessment
    • Why AI browsers are blocked
    • Business impact analysis
    • Alternative solutions provided to users

Regulatory Considerations

Consider these compliance frameworks:

Framework | Relevance
GDPR | Data processing outside organization control
HIPAA | Protected health information exfiltration risk
SOX | Financial data protection requirements
PCI DSS | Cardholder data security
NIST 800-53 | Access control requirements

Conclusion: Taking Action Against AI Browser Risks

The threat posed by AI browsers like Perplexity’s Comet is real, immediate, and growing. With security experts uniformly recommending that organizations “block all AI browsers for the foreseeable future,” the time for action is now, not later. [pcmag.com], [gartner.com]

Key Takeaways:

  1. Gartner’s Warning is Clear: AI browsers introduce “irreversible and untraceable” data loss risks that traditional controls cannot adequately mitigate [computerworld.com]
  2. Multi-Layered Defense is Essential: Combining Cloud Discovery, Session Policies, Access Policies, and Network Protection provides comprehensive coverage
  3. Microsoft 365 Business Premium Provides the Tools: With Defender for Cloud Apps and Defender for Endpoint, you have enterprise-grade capabilities to detect and block AI browsers
  4. User Education is Critical: Technical controls must be paired with clear communication about why AI browsers pose risks and what alternatives are approved
  5. Continuous Vigilance Required: The AI browser landscape evolves rapidly; monthly reviews of your defenses are essential [computerworld.com]

Immediate Action Steps

This Week:

  1. ✅ Enable Cloud Discovery and filter for Generative AI apps
  2. ✅ Review current AI browser usage in your organization
  3. ✅ Enable “Enforce App Access” in Defender for Cloud Apps
  4. ✅ Verify Network Protection is enabled in Defender for Endpoint

Next Week:

  1. ✅ Create Conditional Access policy routing traffic to MDCA
  2. ✅ Unsanction Comet and other AI browsers
  3. ✅ Create custom domain indicators for Perplexity infrastructure
  4. ✅ Deploy in Report-only mode for pilot group

Within 30 Days:

  1. ✅ Create Access Policies with user-agent filtering
  2. ✅ Enable full blocking mode organization-wide
  3. ✅ Communicate policy to all users
  4. ✅ Establish ongoing monitoring processes
