Blocking sharing of sensitive content with AI

Question

Blocking sharing of sensitive content with AI

Denys Pasternak 85

Hello, I'm trying to figure out how to set up blocking of sensitive content and prevent unwanted transmission of this content to popular AI systems.

More specifically, my goal is to block this only for Gemini (public) and only allow it for corporate Gemini.

After some research, I decided to use

Network Data Security (inline web traffic) in Microsoft Purview.

https://learn.microsoft.com/en-us/purview/dlp-create-policy-ai-network-data-security

After reviewing the prerequisites, I obtained two licenses:

Microsoft Entra Internet Access

Microsoft 365 Business Premium

Microsoft Purview Suite for Microsoft 365 Business Premium

Configured Data Security Posture Management for AI:

Activate Microsoft Purview Audit

Install Microsoft Purview browser extension

Onboard devices to Microsoft Purview

Extend your insights for data discovery

Configured Global Secure Access:
https://learn.microsoft.com/en-us/purview/dlp-create-policy-ai-network-data-security

https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-transport-layer-security

Traffic forwarding

File policies - Web category - Artificial Intelligence

TLS inspection policy - Web category - Artificial Intelligence

TLS inspection policies certificate

Security profiles

Conditional Access Policy

Installed GlobalSecureAccessClient

Added the root certificate to trusted certificates

Healthcheck for GlobalSecureAccessClient: everything is fine, common errors have been resolved. I see traffic on the EntraID portal from the client.

In Microsoft Purview,

I created an Inline web traffic policy for browser and network traffic, specifying sensitive data and blocking actions.

First question: However, I can still transfer sensitive test data, both files and plaintext.

Second question: Do I understand correctly that the DLP Inline web traffic policy can block data transfer for applications that don't have SSO, and therefore aren't corporate? If the application works with EntraID as an identity provider, it will be considered corporate. This is in response to the question "In more detail, my goal is to block this only for Gemini (public), and only allow work with Gemini corporate."

Thank you.

0 comments

2 answers

Your answer

Answer 1

Manoj Kumar Boyini 15,650 Microsoft External Staff Moderator

Hi Denys Pasternak

Your configuration is mostly correct. The reason you can still send sensitive content to Gemini (public) is that Inline Web Traffic DLP only enforces blocking when the traffic is actually inspected by Global Secure Access (GSA).

Inline Web Traffic DLP depends on traffic interception and TLS inspection. If the browser traffic does not pass through the GlobalSecureAccessClient or if TLS inspection is bypassed, Purview cannot see the request payload and therefore cannot block it—even if a DLP policy exists.

The most common causes are:

Browser traffic is not actually forwarded through GSA (split tunneling, forwarding profile not applied, unsupported browser).

TLS inspection is not applied or the root certificate is not trusted on the device.

The destination domain (Gemini public) is not matched by the Artificial Intelligence category or a custom domain rule.

The connection uses TLS features (for example, Encrypted Client Hello or certificate pinning) that prevent inspection.

You can confirm this by checking Global Secure Access traffic logs and TLS inspection logs. If the Gemini request does not appear as decrypted traffic, Inline Web Traffic DLP cannot evaluate or block it.

Regarding your second question: Inline Web Traffic DLP does not decide “corporate vs public” purely based on whether an application uses Entra ID or SSO. Enforcement is primarily domain- and network-based. If Gemini Enterprise and Gemini Public use the same base domain, Purview cannot automatically distinguish them at the network layer. To allow only the corporate version, the enterprise service must be identifiable via:

A distinct enterprise domain, or

An explicitly allowed enterprise application combined with Conditional Access and device compliance

Blocking public Gemini requires that traffic flows through GSA with TLS inspection enabled and that the Gemini public domain is included in the policy scope.

Allowing corporate Gemini requires an explicit allow condition (distinct domain or enterprise app), not SSO alone.

Once traffic is correctly routed through GSA and decrypted, Inline Web Traffic DLP will block sensitive content for Gemini Public while allowing access to the corporate Gemini endpoint.

Helpful References:
https://learn.microsoft.com/en-us/purview/dlp-create-policy-ai-network-data-security
https://learn.microsoft.com/en-us/purview/dlp-network-data-security-learn
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-transport-layer-security
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-transport-layer-security
https://learn.microsoft.com/en-us/purview/dlp-create-policy-block-to-ai-via-edge
https://learn.microsoft.com/en-us/purview/endpoint-dlp-using

Hope this helps, Please let us know if you have any questions and concerns.

Mountain Pond 1,696 Reputation points

2026-02-05T16:25:03.9566667+00:00

Thank you.

should I see this rules in Internet access rules? I see only default rules.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Mountain Pond 1,696 Reputation points

2026-02-05T16:27:18.46+00:00
Mountain Pond 1,696 Reputation points

2026-02-05T16:38:20.0633333+00:00
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-17T20:22:20.0533333+00:00
Hi Mountain Pond

The “Internet Access Rules” list inside the Global Secure Access Client only shows network forwarding and routing rules, not your TLS inspection or DLP policies. The client enforces traffic forwarding, while TLS inspection and Inline Web Traffic DLP are applied in the cloud at the GSA security edge, not on the device.

Because of this, you will not see your custom TLS inspection or DLP rules in the “Internet access rules” list — only Microsoft’s default forwarding entries appear there.

To confirm that your AI blocking and TLS inspection policies are active, please check the following instead:

Global Secure Access → Traffic logs Ensure the Gemini request shows up with TLSDecrypted = True. If the traffic is not decrypted, Purview cannot evaluate or block it.

Security profile assignment Confirm that your TLS and File Inspection policies are correctly assigned to the user through the Conditional Access policy.

Purview Audit → Network DLP logs If the DLP rule is triggered, you will see it here. If nothing appears, the traffic was never decrypted or evaluated.

If the Gemini public domain is not included in your TLS inspection or if the browser does not trust the inspection certificate, the traffic will bypass inspection and the DLP rule will not trigger.

Hope this helps, Please let us know if you have any questions and concerns.
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-18T17:50:26.56+00:00

Hi Mountain Pond

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.
Mountain Pond 1,696 Reputation points

2026-02-18T20:30:56.73+00:00

@Manoj Kumar Boyini Thanks for the reply. Yes, I see that the DLP policies are triggered, or rather, I see what requests the user is sending. But blocking isn't working, as if the policies are only in audit mode, which is not the case. The policies explicitly state to block actions.
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-20T20:50:13.0933333+00:00
Hi Mountain Pond

If DLP alerts are appearing but the block action is not being triggered, it means the policy is matching correctly, but the traffic is not meeting the conditions required for enforcement. This typically happens when one of the following is true:

TLS inspection is not decrypting the Gemini traffic If TLSDecrypted = False in the Traffic Logs, Purview cannot inspect or block the content.

The Gemini domain is not classified under the “Artificial Intelligence” web category If the category does not match, your File Rule and TLS inspection rule will not apply.

The browser or application is bypassing Global Secure Access Technologies like QUIC, DNS-over-HTTPS, certificate pinning, or unsupported browsers can prevent inspection and block enforcement.

Inline Web Traffic DLP can only block when the traffic is fully decrypted, routed through Global Secure Access, and matches the policy scope.

Could you please confirm whether the Gemini traffic appears as TLSDecrypted = True in your TLS inspection logs
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-23T11:28:12.5666667+00:00

Hi Mountain Pond

Just checking in to see if the information provided earlier was helpful. Please let us know if you need any additional details or assistance, and we’ll gladly continue supporting you.
Mountain Pond 1,696 Reputation points

2026-02-24T09:12:17.9966667+00:00

@Manoj Kumar Boyini Sorry, I haven't had time to check yet.

Do you have an article on how to effectively configure request blocking using DLP rules?
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-24T21:51:21.6033333+00:00

Hi Mountain Pond

Could you please go through this
https://learn.microsoft.com/en-us/purview/dlp-network-data-security-learn
https://learn.microsoft.com/en-us/purview/dlp-create-policy-ai-network-data-security
https://learn.microsoft.com/en-us/purview/dlp-create-policy-block-to-ai-via-edge
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-transport-layer-security
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-web-content-filtering?tabs=microsoft-entra-admin-center
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-network-content-filtering
https://learn.microsoft.com/en-us/purview/endpoint-dlp-using

Hope this helps, Please let us know if you have any questions and concerns.
Manoj Kumar Boyini 15,650 Reputation points Microsoft External Staff Moderator

2026-02-25T22:10:01.4233333+00:00

Hi Mountain Pond

Just checking in to see if the information provided earlier was helpful. Please let us know if you need any additional details or assistance, and we’ll gladly continue supporting you.

Answer 2

To address your first question regarding the ability to transfer sensitive test data despite having set up an Inline web traffic policy in Microsoft Purview, there are a few factors to consider:

Policy Configuration: Ensure that the policy is correctly configured to block the specific types of sensitive data you are concerned about. Double-check the conditions and actions specified in the policy to confirm they align with your objectives.
Scope of Policy: The policy should explicitly include the sensitive data types you want to protect. If the policy is not capturing the data being transmitted, it may not be triggering the block as intended.
Testing Environment: If you are testing with data that is not classified as sensitive according to your DLP rules, the policy will not block it. Make sure the test data meets the criteria set in your DLP policy.

For your second question, you are correct in your understanding that the DLP Inline web traffic policy can block data transfer for applications that do not support Single Sign-On (SSO) and are therefore not recognized as corporate applications. If an application integrates with EntraID as an identity provider, it is typically treated as a corporate application, which means the DLP policy may not apply in the same way. This aligns with your goal of blocking only public Gemini while allowing corporate Gemini access.

References:

Share via

Blocking sharing of sensitive content with AI

2 answers

Your answer