Enable Microsoft Defender for Endpoint for RexCommand Shadow AI Detection

RexCommand uses Microsoft Defender Indicators to detect web domains that are likely to be AI chatbots. RexCommand maintains the indicator list for you—once you enable the required Defender setting and connect Defender to RexCommand, RexCommand manages the rest.

This article walks you through the required Defender configuration and an optional step to improve browser telemetry outside of Microsoft Edge (for example, Google Chrome).

Prerequisites

• A Microsoft Defender for Endpoint subscription Plan 3 (P3) or higher.

• An account with admin permissions to change settings in Microsoft Defender for Endpoint.

• For Shadow AI detection using Defender: Windows 10 version 1709 or later on each device you want covered.

Outcome

After you complete this article:

• Custom network indicators are enabled in Microsoft Defender for Endpoint (required).

• (Optional) Network protection is enabled on endpoints to improve telemetry for non-Edge browsers (for example, Chrome).

• You are fully connected to Microsoft Defender with RexCommand.

Step 1 (required): Enable Custom network indicators

1. Navigate to https://security.microsoft.com/.

   • 

2. In the Navigation Menubar, scroll down and select System.

   • 

3. Select Settings.

4. Select Endpoints.

   • 

5. On the Endpoints screen, scroll to Advanced features.

6. Find Custom network indicators and toggle it On (if it is not already enabled).

   • 

Step 2 (optional): Improve telemetry for browsers outside Microsoft Edge

This step can improve Shadow AI detection reporting for browsers such as Google Chrome.

Prerequisites for this step

• An endpoint management service (for example, Microsoft Intune) to run a policy or script across devices.

1. Use your endpoint management tool to run the following commands on each Windows device you want included in reporting:

2. Confirm the commands have run successfully across your target devices.