isaac_ra
Staff
April 1, 2026

Technical Tip: Blocking Microsoft Copilot and the differences between Copilot App and Microsoft 365 Copilot

Description This article describes how to block Microsoft Copilot, both in the browser and in the Copilot App desktop application, using UTM policies, and explains the caveats of blocking Microsoft 365 Copilot.
Scope FortiGate.
Solution

Connectivity behavior differs significantly between the ways of accessing Copilot, which introduces some caveats specifically for Microsoft 365 Copilot. The following are three ways to access Copilot and an explanation of how FortiGate can block each:

 

 

  1. When using the browser to access copilot.microsoft.com, a simple firewall policy that uses Certificate Inspection in conjunction with either DNS Profile/Web Filter (matching on copilot.microsoft.com) or Application Control (Application ID 53352) will suffice to block it. This can be verified via the CLI. For example:

 

Firewall-1 # diagnose sys session list | grep -A 5 -B 10 53352

 

session info: proto=6 proto_state=11 duration=4 expire=28 timeout=3600 flags=00000000 socktype=0 sockport=443 
hook=post dir=org act=snat 10.127.11.87:64955->104.18.23.222:443(10.5.211.222:64955)
hook=pre dir=reply act=dnat 104.18.23.222:443->10.5.211.222:64955(10.127.11.87:64955)
hook=post dir=reply act=noop 104.18.23.222:443->10.127.11.87:64955(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=95 pol_uuid_idx=1193 auth_info=0 chk_client_info=0 vd=0
serial=0002378a tos=08/08 app_list=2007 app=53352 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x041108
no_ofld_reason: redir-to-av block-by-ips redir-to-ips denied-by-nturbo non-npu-intf

 

In this case, there is a match for Copilot App ID 53352.

 

Note how the traffic is destined for 104.18.23.222, which is one of the two current A Records for Copilot:

 

C:\Users\test>nslookup copilot.microsoft.com

Non-authoritative answer:

Name: copilot.microsoft.com.cdn.cloudflare.net
104.18.22.222
104.18.23.222

 

  2. Copilot Application: The same configurations shown in point 1 can be used and the connection will be blocked. This can be observed in the packet capture below, which shows how the traffic is directly destined for Copilot:

article_copilot_app.png

 

  3. Microsoft 365 Copilot pushes traffic differently through its embedded Copilot Chat. In this case, no DNS requests to copilot.microsoft.com are seen, nor any Layer 3 connectivity towards the two well-known IPs 104.18.22.222 and 104.18.23.222. Even after enabling Deep Inspection, the traffic logs, Application Control logs and session list show flows for the application Microsoft Portal (App IDs 41468 & 41469) rather than Copilot (App ID 53352), along with several DNS requests to substrate.office.com. The traffic is therefore allowed, because FortiGate cannot recognize it as belonging to Copilot.

In this case, traffic is not pushed directly to Copilot. The only way to block it is by matching Microsoft Portal or substrate.office.com, although this will likely affect other Microsoft flows and can have undesired effects. As a result, the recommendation is to block it at the host level. The session list below shows the flow matched as App ID 41469:

 

Firewall-1 # diagnose sys session list | grep -A 5 -B 10 41469

hook=post dir=org act=snat 192.168.2.22:34321->20.44.10.123:443(10.10.10.1:34321)
hook=pre dir=reply act=dnat 20.44.10.123:443->10.10.10.1:34321(10.10.10.1:34321) <----- Microsoft IP.
hook=post dir=reply act=noop 20.44.10.123:443->192.168.2.22:34321(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=114 pol_uuid_idx=1118 auth_info=0 chk_client_info=0 vd=0
serial=09d6e92d tos=08/08 app_list=2010 app=41469 url_cat=0
sdwan_mbr_seq=2 sdwan_service_id=5
rpdb_link_id=ff000005 ngfwid=n/a
npu_state=0x001001 no_offload
no_ofld_reason: block-by-ips disabled-by-policy redir-to-ips
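
Added example (not part of the original article and not Fortinet code): a Python script that parses saved `diagnose sys session list` output and groups flows by the application ID FortiGate assigned, which makes the gap described in point 3 visible as clients that only ever appear under Microsoft Portal. The function names are hypothetical, the sample is abridged from the two outputs above, and the parser assumes each session's `serial=` line carries `app=` as it does in those outputs.

```python
import re

# App IDs and application names as given in the article.
APP_LABELS = {53352: "Copilot", 41468: "Microsoft Portal", 41469: "Microsoft Portal"}

# Constructed sample: lines abridged from the two session outputs in the article.
SAMPLE = """\
session info: proto=6 proto_state=11 duration=4 expire=28 timeout=3600 flags=00000000
hook=post dir=org act=snat 10.127.11.87:64955->104.18.23.222:443(10.5.211.222:64955)
hook=pre dir=reply act=dnat 104.18.23.222:443->10.5.211.222:64955(10.127.11.87:64955)
misc=0 policy_id=95 pol_uuid_idx=1193 auth_info=0 chk_client_info=0 vd=0
serial=0002378a tos=08/08 app_list=2007 app=53352 url_cat=0
hook=post dir=org act=snat 192.168.2.22:34321->20.44.10.123:443(10.10.10.1:34321)
hook=pre dir=reply act=dnat 20.44.10.123:443->10.10.10.1:34321(10.10.10.1:34321) <----- Microsoft IP.
misc=0 policy_id=114 pol_uuid_idx=1118 auth_info=0 chk_client_info=0 vd=0
serial=09d6e92d tos=08/08 app_list=2010 app=41469 url_cat=0
"""

FLOW_RE = re.compile(r"dir=org\s+act=\S+\s+(\S+?):(\d+)->(\S+?):(\d+)")
POLICY_RE = re.compile(r"\bpolicy_id=(\d+)")
APP_RE = re.compile(r"\bapp=(\d+)")

def parse_sessions(text):
    """Return one dict per session; a session is closed by its serial=/app= line."""
    sessions, cur = [], {}
    for line in text.splitlines():
        # Original-direction hook line: client -> server before NAT.
        if (m := FLOW_RE.search(line)) and "src" not in cur:
            cur["src"], cur["dst"], cur["dport"] = m[1], m[3], int(m[4])
        if m := POLICY_RE.search(line):
            cur["policy_id"] = int(m[1])
        if line.startswith("serial=") and (m := APP_RE.search(line)):
            cur["app"] = int(m[1])
            cur["label"] = APP_LABELS.get(cur["app"], "other")
            sessions.append(cur)
            cur = {}
    return sessions

def summarize(sessions):
    """Group (client, server, policy) tuples by the application FortiGate identified."""
    out = {}
    for s in sessions:
        flow = (s.get("src"), s.get("dst"), s.get("policy_id"))
        out.setdefault(s["label"], []).append(flow)
    return out

if __name__ == "__main__":
    for label, flows in summarize(parse_sessions(SAMPLE)).items():
        for src, dst, pol in flows:
            print(f"{label:17} {src} -> {dst} policy {pol}")
```

Flows listed under Microsoft Portal are not proof of Copilot use, since the article notes that other Microsoft traffic shares those App IDs.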