Block DeepSeek using Intune

In this blog post, I will show you all the policies and steps you need to follow to block DeepSeek using Intune. I will be blocking DeepSeek on Windows, iOS, Android and macOS devices, ensuring that it cannot be accessed from any device or web browser. The block could be due to company or government guidelines which prohibit access to AI tools.

About DeepSeek: DeepSeek, founded in 2023, is a free-to-use chatbot similar to ChatGPT which provides artificial intelligence services. It can answer your questions, solve logical problems and also write computer programs. The queries sent to DeepSeek are also referred to as prompts, which are instructions in plain language clearly stating your requirements.

You can consider blocking DeepSeek or similar AI tools like ChatGPT for the following security reasons:

  1. Data Privacy and Security: If DeepSeek or similar tools have access to sensitive data, blocking them might be necessary to prevent unauthorized data collection, leaks, or misuse, especially in organizations handling confidential information.
  2. Compliance and Regulations: Enterprises operating under strict regulatory frameworks (e.g., GDPR, HIPAA) may block AI tools to ensure compliance with data protection laws and avoid legal risks.
  3. Resource Management: AI tools can consume significant computational resources, which might interfere with other critical systems or workflows, leading to performance issues.
  4. Control Over Technology: Organizations may prefer to limit the use of external AI tools to maintain control over their technological ecosystem and avoid dependency on third-party solutions.
  5. Ethical or Policy Concerns: Some organizations may block AI tools due to ethical concerns, such as potential biases in AI algorithms or the lack of transparency in how the tools operate.
  6. Preventing Misuse: Blocking AI tools can help prevent employees from using them inappropriately, such as generating misleading content or automating tasks in ways that violate company policies.

The steps below are grouped by device type and show how to block DeepSeek using Intune. If you want to, you can use the same steps to block ChatGPT as well. Simply replace the websites, bundle ID or app for DeepSeek with those for ChatGPT when creating the policies.

Device: iOS/iPadOS, corporate devices (Supervised)
Description: Hide and block the DeepSeek app from being launched.
Steps to block DeepSeek:

  1. Intune admin center > Devices > iOS/iPadOS > Configuration > Create > New Policy > Settings Catalog.
  2. Click on Add Settings > search for Blocked App Bundle IDs > enter the bundle ID: com.deepseek.chat.
  3. Assign the policy to a users/devices group.

Device: iOS/iPadOS, corporate devices (Supervised)
Description: Uninstall the DeepSeek app from iOS devices.
Steps to block DeepSeek:

  1. Intune admin center > Apps > iOS/iPadOS > Create > select App type as iOS Store app.
  2. Search for the DeepSeek – AI Assistant app and select the app.
  3. In the Assignments tab, add All users or All devices under the Uninstall assignment section.

Device: iOS/iPadOS (BYOD or personal devices)
Description: Use an existing Intune compliance policy for iOS/iPadOS or create a new one to block the DeepSeek app. Combine this policy with an Entra conditional access policy and require the device to be marked as compliant for accessing corporate data or apps.
Steps to block DeepSeek:

  1. Intune admin center > Devices > iOS/iPadOS > Compliance > Create policy.
  2. Scroll down to System security > Restricted apps and provide the values below:
     - Name: DeepSeek – AI Assistant
     - Bundle ID: com.deepseek.chat
  3. Action for noncompliance: Mark device noncompliant Immediately.
  4. Assign the policy to a users or devices Entra group.

Device: Android (Enterprise corporate owned, fully managed devices and personally owned devices)
Description: Uninstall the DeepSeek app.
Steps to block DeepSeek:

  1. Intune admin center > Apps > Android > Create > select Managed Google Play app. Search for the DeepSeek app, select the app and click Sync.
  2. Go to Apps > Android > select the DeepSeek – AI Assistant app > Properties > Edit next to Assignments.
  3. Under the Uninstall assignment section, add all users or all devices. Create the deployment.

Device: Windows
Description: Block DeepSeek websites using Defender for Endpoint.
Steps to block DeepSeek: Refer to the post, which provides step-by-step guidance on blocking DeepSeek domains/URLs using Defender. Also enable Network Protection using an Intune Settings catalog policy and assign this policy to Windows devices.

Device: macOS
Description: Block DeepSeek websites using Defender for Endpoint.
Steps to block DeepSeek: Similar to enabling Network Protection on Windows, enable Network Protection on macOS devices as well using a Settings catalog policy. Refer to below screenshot for more details.

Troubleshooting and Logs

After you create all these policies for various devices to block DeepSeek completely, I recommend that you monitor them and ensure that they are all applied successfully. If a policy is not applied to a particular device for any reason, DeepSeek will continue to work there, which could be a security issue.

If you want to troubleshoot a specific issue, you can collect the logs from Windows and macOS devices. Refer to the blog posts below, which show all the steps to collect Intune-related logs from Windows and macOS devices remotely.

Device type: iOS/iPadOS (DeepSeek Bundle ID block Configuration policy monitoring)
Steps to monitor the policies: Intune admin center > Devices > iOS/iPadOS > Configuration. Find and open the configuration policy. Click on View Report.

Device type: iOS/iPadOS (DeepSeek Uninstall Deployment monitoring)
Steps to monitor the policies: Intune admin center > Apps > iOS/iPadOS > open the DeepSeek app and go to the Overview page to monitor the Uninstall deployment.

Device type: iOS/iPadOS (DeepSeek Block in Compliance Policy monitoring)
Steps to monitor the policies: Intune admin center > Devices > iOS/iPadOS > Compliance > open the compliance policy which restricts the DeepSeek app and click on View report.

Device type: Android
Steps to monitor the policies: Intune admin center > Apps > Android > find the DeepSeek – AI Assistant app and click on it to open. Go to the Overview page to monitor the uninstallation.

Device type: Windows
Steps to monitor the policies: Reports > Web protection in the Microsoft Defender portal. Sign in to the Intune admin center > Devices > Configuration. Open the policy in which you have enabled Network Protection. Click on View report to access more detailed information.

Device type: macOS
Steps to monitor the policies: Sign in to the Intune admin center > Devices > Configuration. Open the policy in which you have enabled Network Protection. Click on View report to access more detailed information.
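
To confirm on a Windows device itself that the Network Protection policy took effect, the following script is an added example (not part of the original post). It reads the local Defender settings with the built-in Get-MpPreference and Get-MpComputerStatus cmdlets; the function name and the exit-code convention (0 when enforcing, 1 otherwise) are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): report whether Defender
# Network Protection is in block mode on this Windows device.
# EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit.

function Get-NetworkProtectionState {   # hypothetical helper name
    try {
        $pref   = Get-MpPreference -ErrorAction Stop
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        # Defender cmdlets unavailable or the service is not responding.
        return [pscustomobject]@{
            Mode = 'Unknown'; RealTimeProtection = $false
            Enforcing = $false; Detail = $_.Exception.Message
        }
    }

    $value = [int]$pref.EnableNetworkProtection
    $mode  = switch ($value) {
        0       { 'Disabled' }
        1       { 'Block' }
        2       { 'Audit' }
        default { "Unexpected value $value" }
    }
    # Network Protection depends on real-time protection being on.
    $rtp = [bool]$status.RealTimeProtectionEnabled

    if ($value -eq 2)     { $detail = 'Audit mode logs connections but does not block them.' }
    elseif ($value -ne 1) { $detail = 'Network Protection is not enabled.' }
    elseif (-not $rtp)    { $detail = 'Real-time protection is off.' }
    else                  { $detail = 'Network Protection is enforcing blocks.' }

    [pscustomobject]@{
        Mode               = $mode
        RealTimeProtection = $rtp
        Enforcing          = ($value -eq 1 -and $rtp)
        Detail             = $detail
    }
}

$state = Get-NetworkProtectionState
$state | Format-List
# Exit 1 signals "not enforcing" to whatever runs the script.
if ($state.Enforcing) { exit 0 } else { exit 1 }
```

A device reporting Audit looks healthy in a quick glance at the setting but still lets the blocked sites load, so treat anything other than Block as a failed deployment.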

Conclusion

This blog post provides the steps for administrators to block DeepSeek on Intune-managed devices. After implementing all the measures and steps as given in the previous section, DeepSeek will be completely blocked on all managed devices.

I have tried to keep the post short and concise and only provided the important bits for quick access to the information when needed. You can go through the rest of my blog where you will find many posts showing the steps to implement these policies.
