Microsoft Purview compliance portal: New Inline Protection controls for AI apps in Edge for Business

🚨 The Signal: Microsoft Purview now offers inline data loss prevention for generative AI prompts typed into Edge for Business, preventing sensitive data from being entered into consumer AI apps like ChatGPT, Google Gemini, and DeepSeek. This enhances existing DLP for copy/paste and uploads.

The Impact

Security teams and end-users are affected by new controls preventing sensitive data input into AI apps, reducing data leakage risk.

• Security Teams: Gain enhanced control over data exfiltration to AI services.
• End-Users: May experience blocks when typing sensitive data into AI prompts.
• Data Owners: Reduced risk of sensitive information exposure via AI interactions.
• Compliance Officers: Improved ability to demonstrate data protection for AI use.

The Action

1. Review and update existing Microsoft Purview DLP policies to include inline protection for AI apps.
2. Identify and configure specific generative AI applications (e.g., ChatGPT, Google Gemini) for inline protection.
3. Define sensitive information types that should trigger inline DLP for AI prompts.
4. Communicate new data handling policies for AI tools to end-users.
5. Monitor DLP reports for inline protection incidents and refine policies as needed.

Domain: Purview · Impact: high · Workload: Microsoft Purview