Microsoft Purview compliance portal: Endpoint DLP: - App or App Group Restriction support for Edge browser

🚨 The Signal: Microsoft Purview Endpoint DLP now allows restricting specific applications or app groups from accessing sensitive files within the Edge browser. This enhances data exfiltration prevention by blocking unapproved apps from handling sensitive data.

The Impact

Security teams and Purview admins are affected, gaining a new control to prevent sensitive data exfiltration via Edge.

• Security Teams: New control to prevent data loss.
• Purview Admins: New configuration options for DLP policies.
• End Users: May encounter blocked actions when using unapproved apps with sensitive data in Edge.

The Action

1. Navigate to Microsoft Purview compliance portal > Data loss prevention > Policies.
2. Create or edit an Endpoint DLP policy.
3. Under 'Content contains' and 'Conditions', add 'Apps' or 'App groups' as a condition.
4. Specify the apps or app groups to restrict and select 'Block' action for Edge browser.
5. Deploy the updated policy to relevant endpoints.

Domain: Purview · Impact: high · Workload: Microsoft Purview · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860