Deepseek
The following is in place to block access to DeepSeek at PBR -
MDE - URL Block
- 
- Deepseek URL - deepseek.com is blocked in MDE (MDE > Settings > Endpoints > Indicators > URL's / Domains)
- this blocks all sub domains
- applies to all windows devices enrolled in MDE and to all major web browsers
- this will block even when devices are remote to PBR network
 
Palo Alto - URL filtering
- 
- URL filtering is in place to block Deepseek URL (*.deepseek.com/)
- this has been applied to the following security policy's on all Palo's (B1, KL1, M1, L1, KT1) 
 - outbound-default policy
- freewifi-outbound-default policy 
 
- this blocks all sub domains
- applies to any devices connected to PBR network, including wifi - corporate, internet & free wifi
 
Intune - iOS URL Blocking
- 
- there is an Intune policy to block deepseek URL (https://www.deepseek.com/) , policy is named iOS Block URL's
- this policy is applied to the following groups
- Intune_iOS_iPhones_Individual
- Intune_iOS_iPhones_Role
- Intune_iPads_BI
- Intune_iPads_SL
- Intune_iPads_EH
 
- this appears to block sub domains, although documentation suggests otherwise
- this blocks URL's on all iOS devices that are Intune enrolled
- this will block even when devices are remote to PBR network
- this policy will also block content not suitable for children as per Apple Statement Below
 
Use Apple’s built in AutoFilter algorithm that looks for adult language, i.e. swearing and sexually explicit language. This function evaluates each web page as it is loaded and attempts to identify and block content not suitable for children. If you have specific URLs that need to bypass Apple’s filtering algorithm, add them to Permitted URLs list. If you have specific URLs that need to be blocked regardless of Apple’s AutoFilter, add them to the Blocked URLs list.
Intune - Restricted Apps
- Have added DeepSeek to the Restricted Apps Policy which is applied to All Devices
- Have also added DeepSeek as an App (Intune > Apps > All Apps > DeepSeek) and have set Assignments > Uninstall to be All Devices
- As a result of this policy, users can download and install the DeepSeek App on an corporate iOS device, but as soon as it is detected by Intune it will be automatically uninstalled at next sync
Important Notes: Scenarios where DeepSeek is Not blocked
- Non Intune enrolled PBR owned iOS devices (typically mobiles) are not blocked by the Intune policies.. these devices are only blocked when connecting to the internet through a PBR Firewall
- Gembrook station has no Palo, so no URL block in place.
 
                
No comments to display
No comments to display