Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.

What's Changing?

Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process:

  • Collection Policies now apply directly within Edge without needing a separate blocking configuration.
  • DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules.

DLP policies can operate in two mode...

Get-DnsAndIp.ps1 v1 released

Troubleshooting my share of deployments, only to find out there was a DNS record or two missing, made me think of a way to check a DNS server for "all" the required records for a specific deployment.

I have tried different ways to discover and check for name-to-IP resolution techniques in PowerShell, but none of the first attempts were any good. Then I had the task of doing yet another health check, and I decided there had to be a better way to do my research of the DNS deployment.

Finally I discovered the Resolve-DnsName cmdlet, which created an output I could easily work with within PowerShell. Then the rest was a matter of finding out what to look for.

My script doesn't gather everything, but it covers most of the FQDNs I'm used to working with (suggestions for other FQDNs are welcome).

As of the first release, the script will look for the following in a deployment (script must be run with a right to read the CsConfiguration, and must be able to reach the designated DNS servers):

  • Configured Pools 
  • Configured Servers    
  • SIMPLE URLS deployed Internally    
  • SIMPLE URLS deployed Externally    
  • Internal web URL    
  • External web URL    
  • Edge Service FQDNs    
  • WacServer URL deployed Internally    
  • WacServer URL deployed Externally    
  • LyncdiscoverInternal    
  • Internal Lyncdiscover for Mobility       
  • External Lyncdiscover    
  • Internal _sip._Tls resource records        
  • External _sip._Tls resource records     
  • Sip Federation resource records    
  • Sip record internally    
  • Sip record Externally    
  • XMPP resource records

Please read the post on TechNet for a more comprehensive description.

As always, the script can be downloaded from the TechNet Gallery.
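The kind of check described above, as an added example that is not taken from Get-DnsAndIp.ps1: it asks each DNS server for a fixed set of expected records with Resolve-DnsName and reports which are present, absent, or present only as a different record type. The function name `Test-ExpectedDnsRecord`, the domain `contoso.com`, the server address `192.0.2.53` and the hard-coded record list are assumptions; the real script builds its list from the CsConfiguration.

```powershell
# Added example, not the Get-DnsAndIp.ps1 script. Test-ExpectedDnsRecord is a hypothetical name.
function Test-ExpectedDnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SipDomain,
        [Parameter(Mandatory)] [string[]] $DnsServer
    )

    # Assumed list of name/type pairs (standard Lync autodiscover and SRV names).
    $expected = @(
        @{ Name = "lyncdiscoverinternal.$SipDomain";   Type = 'A'   }
        @{ Name = "lyncdiscover.$SipDomain";           Type = 'A'   }
        @{ Name = "sip.$SipDomain";                    Type = 'A'   }
        @{ Name = "_sipinternaltls._tcp.$SipDomain";   Type = 'SRV' }
        @{ Name = "_sip._tls.$SipDomain";              Type = 'SRV' }
        @{ Name = "_sipfederationtls._tcp.$SipDomain"; Type = 'SRV' }
    )

    foreach ($server in $DnsServer) {
        foreach ($rec in $expected) {
            $status = 'Found'; $data = $null
            try {
                # -DnsOnly: use only the DNS protocol, so no LLMNR/NetBIOS fallback hides a gap.
                $answer = Resolve-DnsName -Name $rec.Name -Type $rec.Type -Server $server `
                              -DnsOnly -ErrorAction Stop |
                          Where-Object { $_.Section -eq 'Answer' }  # ignore SOA rows in the authority section
                if (-not $answer) { $status = 'NoRecordOfType' }    # name exists, requested type does not
                $data = foreach ($a in $answer) {
                    if     ($a.NameTarget) { '{0}:{1}' -f $a.NameTarget, $a.Port }  # SRV target and port
                    elseif ($a.IPAddress)  { $a.IPAddress }                         # A / AAAA
                    elseif ($a.NameHost)   { "CNAME $($a.NameHost)" }               # alias in the chain
                }
            }
            catch {
                $status = 'Missing'               # NXDOMAIN, timeout or unreachable server
                $data   = $_.Exception.Message
            }
            [pscustomobject]@{
                Server = $server; Name = $rec.Name; Type = $rec.Type
                Status = $status; Data = ($data -join ', ')
            }
        }
    }
}

# Constructed placeholder values; replace with your SIP domain and DNS servers.
# Test-ExpectedDnsRecord -SipDomain 'contoso.com' -DnsServer '192.0.2.53' | Format-Table -AutoSize
```

Passing both an internal and an external DNS server in `-DnsServer` shows at a glance whether internal-only names such as `lyncdiscoverinternal` are also resolvable from outside.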