Microsoft Purview Data Loss Prevention (DLP) capabilities integrate directly into the Microsoft Edge for Business browser, allowing you to protect against users sharing sensitive information to unmanaged AI apps from your managed devices, without having to onboard those devices into Microsoft Purview.
On Intune-managed devices, Edge communicates directly with Microsoft Purview and Microsoft Edge services to receive policy updates and uses Edge configuration policies to block the use of the protected apps in noncompliant browsers. When a user attempts to access the unmanaged app using a noncompliant browser, the user is blocked and must use Microsoft Edge.
In preview, browser DLP can monitor and take protective actions on sensitive data that users attempt to share from managed devices to unmanaged cloud apps.
Managed device
Browser DLP (preview) is supported on managed devices running Windows 10/11. A managed device is one that is managed by Intune. Users on managed devices sign in to the device with their work or school account credentials.
Unmanaged cloud apps
Unmanaged cloud apps are cloud apps that users access and use without signing in to the app with their Microsoft work or school account credentials. An example is Gemini, where the user can navigate to the URL for the app and start interacting without first signing in with their Microsoft work or school account. In preview, browser DLP supports these unmanaged cloud apps:
- OpenAI ChatGPT
- Google Gemini
- DeepSeek
- Microsoft Copilot
Important
Browser DLP features only apply to the non-Enterprise (consumer) version of M365 Copilot. Learn more about M365 Copilot Enterprise and Enterprise data protections here.
Supported browsers
Browser DLP supports the two latest stable versions of Edge, starting with version 138. For more information on the supported versions of Edge, see Microsoft Edge Releases.
Activities you can monitor and take action on
This feature enables you to audit and manage the following types of activities that users take on sensitive items on devices running Microsoft Edge in Windows 10/11.
Activity | Description | Supported policy actions |
---|---|---|
Upload text to an unmanaged app from a managed device | Detects when a user attempts to upload text to an unmanaged app using a supported browser. If the user attempts to upload text via an unsupported browser, the attempt is blocked and they're redirected to use Microsoft Edge. | allow, block; both actions are audited |
Licensing requirements
- Microsoft 365 E5/A5/G5, Microsoft 365 Business Premium
- Office 365 E5/A5/G5
- Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance
Permissions for Purview DLP
The account you use to create and deploy policies must be a member of one of these role groups:
- Compliance administrator
- Compliance data administrator
- Information Protection
- Information Protection Admin
- Security administrator
Implementation
For full implementation details, see Scenario 7 Block users from sharing sensitive information to unmanaged AI apps via Edge on managed devices (preview).
Viewing data from browser DLP policies
Data from DLP policies, including activities and audit captures, is visible in activity explorer, the audit log, and the Defender XDR investigation experiences.