Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.
What’s Changing?
Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process:
- Collection Policies now apply directly within Edge without needing a separate blocking configuration.
- DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules.
DLP policies can operate in two modes:
- Audit Mode: Policies are logged, but browser blocking is optional.
- Block Mode: Enforces browser blocking based on policy scope.
In order to implement the new feature when they are enabled, organizations should review existing Edge configuration policies. If there are manually scoped policies, you should consider disabling or deleting them.
Update your Purview DLP policies to trigger the new automated behavior. You car read the step by step guide from Microsoft Learn here.
This update is associated with Microsoft 365 Roadmap ID 486368. It is available in preview, but will hopefully be rolling out later this fall.
If you found this update helpful, consider subscribing to my blog or following me on LinkedIn for more insights and practical guidance on Microsoft 365 and enterprise IT.