Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in  Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.  What’s Changing? Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process: Collection Policies now apply directly within Edge without needing a separate blocking configuration. DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules. DLP policies can operate in two mode...

Important certificate note to self

I've been having issues on a server, where I was supposed to create a secure channel (tls) to a remote server for synchronizing the exchange free/busy information on users. I long suspected it to be certificate related, but I always ended up by turning ssl of (thus running unencrypted). I thought I had it all done right, when importing the root certificate of the CA to the trusted root. But it never solved my problem. 

Thanks to my OCS course, a bright light dawned on me. The reason why the TLS failed could be several. First of all, if you are running the sync service as a service on the server, the certificate must be in the trusted root of the computer, not the administrator (or other account which you are installing as). Second, if the service is set up to "run as" a separate user. It is a good idea to log on as that particular user, and import the certificate as that user. Quite simple when you think about it, but not always intuitive..... :P