Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.

What’s Changing?

Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process:

Collection Policies now apply directly within Edge without needing a separate blocking configuration.
DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules.

DLP policies can operate in two mode...

OCS Edge issues

Here are some tips regarding an Edge installation I recently deployed.

1. Edge does not support *.domain.whatever certificates. You need one cert per service.

2. The default value in the A/V Edge settings on a pool states port 443. This is wrong, as when you install the Edge it states 5062 (described in this blog post).

3. Edge services currently only support the US regional settings. If you experience unexplainable issues, try to log on to the server as the service account and change the region to English US (there is a hotfix for this, but it's not widely available; you need to contact MS to get it).
Read about it here.

I know you'll find this if you search for it, but I just wanted to collect them here for future reference for myself.