MC1046161 - Microsoft Purview | Data Loss Prevention: New inline protection controls for AI apps in Microsoft Edge for Business

Service

Microsoft 365 suite
Microsoft Purview

Last Updated

May 15, 2025

Published Apr 2, 2025

Tag

Updated message
New feature
User impact
Admin impact

Platforms

Desktop

Summary

Microsoft Purview is introducing new inline protection controls for AI apps in Microsoft Edge for Business, starting with ChatGPT, Google Gemini, and DeepSeek. This feature, rolling out from late May to early June 2025, allows admins to block sensitive data prompts and tailor enforcement levels. No admin action is required before rollout.

More information

Updated May 15, 2025: We have updated the timeline below. Thank you for your patience.

Coming soon for Microsoft Purview | Data Loss Prevention (DLP): We will introduce new inline protection capabilities for Microsoft Edge for Business that prevent data leakage for the various ways that users interact with sensitive data in the browser, including typing text directly into a web application or sending a prompt to a generative AI app. Inline protection is built natively into Edge for Business, meaning it can be enabled even without deploying Endpoint DLP, and the inline protection complements existing Endpoint DLP protections for uploading or pasting sensitive content to the browser. This capability will be available starting with several top consumer generative AI apps (ChatGPT, Google Gemini, and DeepSeek), and will expand to support a growing list of unmanaged apps over time.

Learn more in our blog: Building layered protection: New Microsoft Purview data security controls for the browser & network | Microsoft Community Hub

This message is associated with Microsoft 365 Roadmap ID 486368.

When this will happen:

Public Preview: We will begin rolling out late May 2025 (previously early April) and expect to complete by early June 2025 (previously late April).

We will update this message when the plan for General Availability is finalized.

How this will affect your organization:

After this rollout, admins can block prompts typed by users containing sensitive data, starting with ChatGPT, Google Gemini, and DeepSeek. Inline protection can also leverage Adaptive Protection policy conditions for activities in generative AI apps. This rollout enables data security admins to tailor the level of enforcement to the risk level of the user interacting with the data, minimizing disruption to day-to-day AI usage.

This change will be available by default for Admins to configure in Purview. Features aren't activated by default.

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. We recommended informing Security admins and Edge admins at your organization about this change to DLP features. You may want to update any relevant documentation.