Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

on
Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in  Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.  What’s Changing? Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process: Collection Policies now apply directly within Edge without needing a separate blocking configuration. DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules. DLP policies can operate in two mode...

Signing scripts, from now on

on
During the Lyncconf13, I was lucky enough to win a certificate from digicert in give away competition from the The UC Architects. It didn't take long to decide what to do with the gift. I decided to get a code signing certificate for my online scripts.

Now, you should be able to run the scripts directly by downloading them to your labs, without tampering with the script, it's security settings or your power shell security setting.

A benefit for me, is to see if the script has been tampered with if it does not work on a tested system. I decided to sign all my backup scripts, and I will also sign every new script I post on my blog.

As a side note: I was wondering if signing a lot of certificates was going to take a long time. I turned to power shell  and scripted it. What else "could" I do? It turned out to be quite easy, and done in a few minutes (writing the code, signing took seconds)


param ([Parameter(Mandatory=$true)][string]$folder,[string]$certvalue)

cd $folder

$cert = @(gci cert:\currentuser\my -codesigning)[$certvalue]
foreach ($scripts in (Get-ChildItem)){
Set-AuthenticodeSignature $scripts $cert}

All my backup scripts have been updated, so if you download these scripts now, they will be signed. (If your machine trusts Digicert, you should be in good shape.)

Here are two posts I used as reference:
http://technet.microsoft.com/nb-no/magazine/2008.04.powershell(en-us).aspx
http://tfl09.blogspot.no/2010/06/signing-powershell-scripts.html