Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.

What’s Changing?

Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections.

With this update, Microsoft automates much of that process:

Collection Policies now apply directly within Edge without needing a separate blocking configuration.

DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules.

DLP policies can operate in two mode...

Microsoft Authenticator lite generally available

Microsoft Authenticator Lite has been made generally available (post). This is a feature allowing Microsoft Outlook to work as the authenticator app for a user. This is a nice feature for users who are not using MFA, or maybe still use SMS MFA for their login and don't want to install the authenticator app for some reason.

I would, of course, recommend using the Authenticator app itself, but admit this can simplify things for users. The feature isn't "brand new", but it has not been supported for the legacy "per user mfa" a lot of organizations are still using.

If you do not want this new feature available to users, you would have to turn it off, as it seems it will automatically be made available to everyone. There is a good description of how to do so in this article. This will be rolling out from late September and for a couple of weeks.