{"id":55923,"date":"2026-06-04T15:16:00","date_gmt":"2026-06-04T19:16:00","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=55923"},"modified":"2026-06-04T15:16:00","modified_gmt":"2026-06-04T19:16:00","slug":"how-to-disable-ai-in-copilot-gemini-apple-intelligence","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/how-to-disable-ai-in-copilot-gemini-apple-intelligence\/55923\/","title":{"rendered":"Turning off uninvited AI on corporate devices"},"content":{"rendered":"

Lately, software developers have been baking AI features straight into everyday work tools, operating systems, and browsers. In some cases, they\u2019re genuinely handy. However, their presence introduces specific risks, which means plenty of companies are hesitant to give employees access to these tools. In a previous post<\/a>, we categorized these unwanted AI systems, looked at how to spot them at the network and endpoint levels, and covered the ultimate universal kill switch: managing OAuth access across major corporate platforms. In this deep dive, we\u2019re getting tactical: breaking down how to disable or restrict the AI built into popular platforms.<\/p>\n

A quick heads-up: major software vendors occasionally change the names of their AI settings and tweak how they function. If any of the options mentioned below are missing or aren\u2019t working as expected, a quick web search for the setting\u2019s name will usually point you to its new location or branding.<\/p>\n

How to turn off Microsoft 365 Copilot<\/h2>\n

Detection:<\/strong> you can check actual Copilot usage in the logs by going to Microsoft 365 admin<\/em> \u2192 \u00a0Copilot usage report<\/em>.<\/p>\n

Disabling via policies:<\/strong> in the Microsoft 365Admin Center, go to Settings<\/em> \u2192 \u00a0Integrated Apps<\/em>, find Copilot<\/em> in the Available Apps<\/em> list, and select Block<\/em>. More granular configuration policies are available under Customization<\/em> \u2192 \u00a0Policy Management<\/em>. The Policies<\/em> page here contains over two thousand entries, so you\u2019ll want to filter them by the keyword \u201cCopilot\u201d (detailed guide<\/a>). Given that Copilot is a paid add-on for Office, another way to block it\u00a0\u2014 and save money by doing so\u00a0\u2014 is to simply avoid assigning users SKUs that include Copilot.<\/p>\n

We recommend separately blocking Copilot Chat, which is available in Teams, Edge, Outlook, and several other services. Yes, it\u2019s not Copilot itself. And yes, it has to be blocked separately by following this guide<\/a>.<\/p>\n

Additional layer of protection: you can block the domains copilot.cloud.microsoft<\/em> and m365.cloud.microsoft\/chat<\/em> at the web filter or NGFW level. However, Microsoft explicitly advises against this, warning that it could break other Microsoft 365 features.<\/p>\n

How to turn off Windows Copilot<\/h2>\n

Beyond the Office version of Copilot, you also need to manage its consumer-facing cousin.<\/p>\n

Detection: look through your NGFW or other network logs for traffic hitting copilot.microsoft.com<\/em>, bing.com\/chat<\/em>, or edgeservices.bing.com<\/em>.
\nDisabling via policies: in Windows Group Policy, navigate to Computer Config<\/em> \u2192 \u00a0Admin Templates<\/em> \u2192 \u00a0Windows Components<\/em> \u2192 \u00a0Windows Copilot<\/em>. In Microsoft 365 Group Policy, go to Admin center<\/em> \u2192 \u00a0Block consumer Copilot for organizational accounts<\/em>.<\/p>\n

Additional layer of protection: block the Copilot.exe<\/em> executable from running entirely.<\/p>\n

How to turn off the Copilot sidebar in Edge<\/h2>\n

Detection: look through your NGFW or other network logs for traffic hitting copilot.microsoft.com<\/em>, bing.com\/chat<\/em>, or edgeservices.bing.com<\/em>.<\/p>\n

Blocking: configure the following MS Edge Group Policies<\/a>: HubsSidebarEnabled<\/em> = false, EdgeShoppingAssistantEnabled<\/em> = false, CopilotPageContext<\/em> = Disabled (false), CopilotNewTabPageEnabled<\/a><\/em> = false, Microsoft365CopilotChatIconEnabled<\/em> = false, GenAILocalFoundationalModelSettings = 1<\/a><\/em> (note that disabling this unexpectedly requires a 1 instead of a 0).<\/p>\n

Second layer of protection: block the domains copilot.cloud.microsoft<\/em> and m365.cloud.microsoft\/chat<\/em> at the web filter or NGFW level. However, Microsoft explicitly advises against this, warning that it could break other features.<\/p>\n

How to turn off the Gemini Assistant in Google Workspace<\/h2>\n

Detection: check the Workspace Admin Console (admin.google.com<\/em>), Gemini usage<\/em> report section.<\/p>\n

Blocking via policies: in the Admin Console, navigate to Apps<\/em> \u2192 \u00a0Additional Google services<\/em> \u2192 > Gemini app<\/em>, and set it to OFF<\/em>. Then, go to Manage Workspace smart feature settings<\/em> \u2192 \u00a0Smart features in Google Workspace<\/em>, and set it to OFF<\/em>.<\/p>\n

Second layer of protection: block network traffic to the domains gemini.google.com<\/em>, bard.google.com<\/em>, and aistudio.google.com<\/em>.<\/p>\n

How to turn off Gemini in Google Chrome<\/h2>\n

Detection: check your Chrome Enterprise reports (Chrome management<\/em> \u2192 \u00a0Reports<\/em>), or look through network traffic logs for connections to the previously mentioned domains.<\/p>\n

Blocking via policies: in your Chrome Enterprise policies<\/a>, configure the following settings: GenAILocalFoundationalModelSettings<\/em> = 0, HelpMeWriteSettings<\/a><\/em> = 2 (disabled), TabOrganizerSettings <\/em>= 2, CreateThemesSettings<\/em> = 2, DevToolsGenAiSettings<\/em> = 2.<\/p>\n

Additional layer of protection: block network traffic to the domains gemini.google.com<\/em>, bard.google.com<\/em>, and aistudio.google.com<\/em>. Additionally, block unauthorized Chrome\/Chromium installations (those outside your policy management) with the help of host-based application control tools like EPP\/EDR or AppLocker.<\/p>\n

\u00a0<\/p>\n

How to turn off Apple Intelligence<\/h2>\n

Detection: on your NGFW and web filters, traffic hitting apple-relay.apple.com<\/em> and *.apple-cloudkit.com<\/em> is a clear indicator that Apple Intelligence is active.<\/p>\n

Blocking via policies: any managed Apple device allows you to disable individual AI features, though there isn\u2019t a master switch you can flip to shut down \u201call AI\u201d. In your MDM profile, you need to set the following keys to false<\/em> (disabled): allowWritingTools<\/em>, allowMailSummary<\/em>, allowGenmoji<\/em>, allowImagePlayground<\/em>, allowImageWand<\/em>, allowPersonalizedHandwritingResults<\/em>, allowExternalIntelligenceIntegrations<\/em>, allowExternalIntelligenceIntegrationsSignIn<\/em>, allowNotesTranscription<\/em>, and allowNotesTranscriptionSummary<\/em>. Here is a brief configuration example:<\/p>\n

<dict>
\n\u00a0\u00a0\u00a0<key>PayloadType<\/em><\/key>
\n\u00a0\u00a0\u00a0<string>com.apple.applicationaccess<\/em><\/string>
\n\u00a0\u00a0\u00a0<key>allowWritingTools<\/em><\/key>
\n\u00a0\u00a0\u00a0<false\/>
\n\u00a0\u00a0\u00a0<key>allowMailSummary<\/em><\/key>
\n\u00a0\u00a0\u00a0<false\/>
\n<\/dict><\/p>\n

Despite Apple\u2019s shift toward declarative device management, these AI features still need to be managed through traditional MDM payload settings.<\/p>\n

Second layer of protection: block network traffic to the hosts mentioned above\u00a0\u2014 though the obvious downside for mobile devices is that this won\u2019t work once they leave the corporate network.<\/p>\n","protected":false},"excerpt":{"rendered":"

A guide to detecting and blocking built-in AI features in popular software products. <\/p>\n","protected":false},"author":2722,"featured_media":55924,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051],"tags":[1140,4703,4642,1876,97],"class_list":{"0":"post-55923","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-ai","10":"tag-ai-agents","11":"tag-llm","12":"tag-machine-learning","13":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-disable-ai-in-copilot-gemini-apple-intelligence\/55923\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-disable-ai-in-copilot-gemini-apple-intelligence\/42015\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-disable-ai-in-copilot-gemini-apple-intelligence\/30738\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/ai\/","name":"AI"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/55923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=55923"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/55923\/revisions"}],"predecessor-version":[{"id":55928,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/55923\/revisions\/55928"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/55924"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=55923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=55923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=55923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}