Microsoft has quietly rolled out a long-awaited governance feature for its Edge for Business browser: IT administrators can now specify exactly which websites the integrated Copilot AI is permitted to access. The new allow and block lists, managed through the Edge management service, give enterprise security teams a much-needed perimeter around how Microsoft’s generative AI assistant interacts with internal and external web content. The change answers a pressing demand from regulated industries and security-conscious organizations that have been uneasy about Copilot’s default ability to browse the open web when assisting employees.

How the New Copilot Browsing Controls Work

The mechanism is straightforward. Within the Edge management service—accessible through the Microsoft 365 admin center—admins can now define lists of URLs that either permit or forbid Copilot from fetching page data when a user invokes the assistant. These lists apply specifically to Copilot’s "Browse" capability, where the AI can read and summarize the current webpage or search the internet to answer questions.

When an employee uses Copilot in the Edge sidebar or from within an Edge for Business tab, the browser checks the URL against the configured policy. If the site sits on a block list, Copilot will either refuse to access its content or will degrade gracefully, offering only generic responses. Conversely, an allow list can lock down Copilot so it only ever touches a pre-approved set of domains—a model well-suited for high-compliance environments like healthcare, finance, or government.

Administrators can create global lists that apply to all users, or they can tailor policies to specific security groups. The filtering integrates with the existing Microsoft 365 and Edge policy framework, meaning it can be combined with other controls such as conditional access, data loss prevention, and web content filtering. Microsoft has not yet publicly detailed whether the feature supports wildcards or category-based filtering, but the core allow/block pattern is consistent with other Edge management capabilities.

Why This Matters for Enterprise Security

For IT and security professionals, the new controls close a significant gap. Since Copilot launched in Edge, organizations have had only blunt instruments to control its browsing: turning Copilot off entirely, or relying on general web filtering that doesn’t distinguish between human-initiated navigation and AI-driven retrieval. That binary choice forced many enterprises to block Copilot altogether, sacrificing the productivity benefits it could bring to tasks like summarizing competitor pages, drafting responses based on public data, or pulling technical documentation.

Now, admins can craft a more nuanced policy. They can, for instance, block Copilot from accessing internal SharePoint sites, HR portals, or proprietary web apps that might expose sensitive data in a prompt. At the same time, they can allow it to freely browse trusted public domains like Microsoft Learn, Wikipedia, or approved vendor sites. This layered approach means Copilot becomes a tool that works within the organization’s security posture, rather than a rogue agent that needs to be entirely neutered.

For employees, the experience will be seamless when they’re on an allowed site—Copilot works as usual. When they bump against a blocked page, the assistant will simply decline and perhaps prompt them to check with their admin. That clarity helps users understand the boundaries without eroding trust in the AI. Business owners and department leads can finally champion Copilot adoption without fearing an inadvertent data spill, because the browser itself enforces the guardrails.

The Road to AI Governance in the Browser

To understand why this feature is arriving now, it helps to trace Microsoft’s journey with Copilot in the browser. In 2023, Copilot first appeared in Edge as a sidebar companion, offering chat and page summarization. It quickly became apparent that the assistant could read any page a user was on, including internal dashboards, customer records in Salesforce, or confidential documents in a web-based CRM. While Microsoft assured that data wasn’t used to train models, the lack of administrative oversight made many CISOs pause.

The introduction of Edge for Business in August 2023 provided some separation between personal and work browsing, but Copilot still operated without URL-level restrictions. Throughout 2024, Microsoft added enterprise-focused features like Bing Chat Enterprise (later rebranded to Copilot with commercial data protection) and admin controls for Copilot in the Microsoft 365 app. However, the browser-side governance remained a known blind spot. Requests for allow/block lists appeared repeatedly on Microsoft’s feedback forums and in enterprise customer meetings, particularly as Copilot gained the ability to actively browse the web rather than rely solely on its training data.

The current release aligns with a broader industry push for AI governance frameworks. Regulators are demanding explainable AI and data sovereignty, while standards bodies like NIST are publishing AI risk management guidelines. By giving IT control over what Copilot sees, Microsoft is effectively creating a browser-native DLP layer for AI prompts—one that can be audited and enforced without additional third-party tools.

How to Enable Copilot URL Filtering in Your Organization

For admins ready to deploy the feature, the path begins in the Microsoft 365 admin center under the Edge management service. Here’s a high-level walkthrough based on the available documentation:

  1. Access the Edge management service: Log into admin.microsoft.com and navigate to Settings > Edge > Copilot controls. If you don’t see the option, ensure your tenant has Edge for Business deployed and that you’re running the latest stable version of Microsoft Edge.

  2. Define a policy: Create a new policy targeting specific user groups. Give it a descriptive name such as "Copilot Allowlist – Marketing" or "Global Blocklist – Internal Apps."

  3. Build your lists: Enter the full URLs or domains you want to allow or block. Microsoft supports standard URL matching, so you can block entire domains (e.g., *.internal.contoso.com) or specific paths.

  4. Test with a pilot group: Before rolling out to the entire organization, apply the policy to a small set of users. Verify that Copilot behaves as expected on both allowed and blocked sites. Use Edge’s browser logs to confirm the policy is being enforced.

  5. Monitor and iterate: Once satisfied, expand the policy’s scope. Plan for regular reviews—new web apps come online, and Copilot’s capabilities evolve, so allow lists should be living documents.

One important caveat: the feature only applies to Copilot when it’s used inside Microsoft Edge for Business. Users who access Copilot through copilot.microsoft.com, the mobile app, or other endpoints will not be affected by these browser-level policies. For a complete governance posture, admins should combine Edge’s URL filtering with broader Microsoft 365 Copilot controls and network-level web filtering.

What’s Next: The Expanding Copilot Perimeter

URL allow/block lists are likely just the first step in a deeper set of browser-based AI controls. Microsoft has signaled its intent to make Copilot a pervasive productivity tool across Windows, Office, and Edge. As the assistant gains more autonomous capabilities—like the ability to take actions on websites or interact with web forms—IT will need even more granular permissions. Expect to see category-based filtering, time-of-day restrictions, and integration with Microsoft Purview’s data classification labels in future updates.

For now, the new feature is a pragmatic win for enterprise IT. It transforms Copilot from a binary threat—either all-in or all-out—into a configurable asset. Organizations that had been holding back on Copilot adoption can now pilot it safely, confident that a simple URL list can keep the AI’s eyes off their most sensitive screens. The AI browser perimeter is here; it’s up to admins to draw the lines.