Microsoft Purview DLP and Edge for Business: Automated blocking of unmanaged GenAI apps in unprotected browsers

Originally posted by Microsoft Sep 11, 2025 Uncategorized 0 Comments

Microsoft Purview DLP now automates blocking of unmanaged GenAI apps in Edge for Business, removing the need for separate Edge configuration policies. Rollout begins mid-October 2025. Admins should update or disable old policies to use this automation, enhancing data protection and policy enforcement.

We’re streamlining how Microsoft Purview policies apply to unmanaged cloud apps accessed via the Edge browser. These updates reduce manual steps for admins and improve policy enforcement across browser environments, especially for organizations managing data sharing to Generative AI (GenAI) apps.

This change builds on the existing preview feature.

This message is associated with Microsoft 365 Roadmap ID 486368.

When this will happen:

  • Public preview is in progress.
  • General availability: Rollout will begin in mid-October 2025 and is expected to complete by late October 2025.

How this affects your organization:

  • Who is affected:
    • Admins managing Microsoft Purview collection and DLP policies targeting unmanaged GenAI apps in the browser.
    • Organizations using Microsoft Edge for Business and Edge configuration policies that activate Purview policies.
  • What will happen:
    • Collection Policies
      • Previously: Required separate Edge configuration policy to apply protections with a browser blocking configuration.
      • Now: Collection policies apply directly in Edge without blocking configuration.
    • DLP Policies

      • Previously: Admins manually created Edge configuration policies to block unsupported browsers.
      • Now: Edge configuration policies are automatically created and scoped to match DLP policies when DLP policies are created or updated.
    • User experience:
      • Edge for Business: No impact.
      • Chrome with Purview extension: Browser usable; access to unmanaged GenAI apps is blocked.
      • Firefox and other browsers: Users are blocked from using the browser entirely.
    • DLP Policy Modes:
      • Audit mode: Policy created but browser blocking is optional.

      • Block mode: Policy created and browser blocking is enforced.

  • What you can do to prepare:

    • No action is required to enable these changes.

    • Inform your DLP and IT Admins of this update.

    • If you previously created Edge configuration policies scoped to all users and want to rely on automation:
      • Disable or delete the old Edge configuration policy.

      • Update your Purview DLP policy to trigger the automated behavior.

    • Learn more: Set up Microsoft Purview DLP policies in the Edge management service 

Compliance considerations:

Compliance Area Explanation
Modifies DLP policies or enforcement Automates Edge configuration policy creation and blocking enforcement for unmanaged GenAI apps for DLP policies.
Introduces or modifies AI/ML capabilities Restricts user interaction with unmanaged GenAI apps based on DLP policy scope.
Allows user/admin to enable or disable

Admins can disable or delete existing Edge configuration policies to rely on automation. Admins can disable or delete Purview DLP policies blocking actions to unmanaged apps in the browsers to disable Edge configuration policy that blocks other browsers.

Message ID: MC1151234

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: