MC1052914 – Microsoft Purview | Endpoint Data Loss Prevention: App or app group restriction support for Microsoft Edge browser (archived)

Product:

Microsoft Edge, Purview, Purview Communication Compliance, Purview Data Loss Prevention

Platform:

Online, World tenant

Status:

Change type:

New feature, Admin impact

Links:

Details:

Summary:
Microsoft Purview Endpoint Data Loss Prevention will now support app or app group restrictions in the Microsoft Edge browser. This feature, rolling out from April to July 2025, allows admins to block apps or app groups in Edge and show policy violation details. Admins should update policies and notify users.

Details:
Updated April 25, 2025: We have updated the timeline below. Thank you for your patience.
Before this rollout, Microsoft Purview | Endpoint Data Loss Prevention admins cannot restrict Microsoft Edge browser access to sensitive files through Restricted apps and app groups. After this rollout, admins can configure apps or app groups to be blocked in Edge, including a message showing policy violation details.
[When this will happen:]
Public Preview: We began rolling out early April) and expect to complete by early April 2025.
General Availability (Worldwide): We began rolling out early July 2025 (previously early April and expect to complete by late July 2025 (previously early April).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-04-11

updated:
2025-04-26

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Experience Disruption
Users may experience interruptions when attempting to access sensitive files through restricted apps in Edge, leading to confusion and frustration due to unexpected policy violation notices.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Increased Support Tickets
The rollout may lead to an increase in support tickets as users encounter new restrictions and policy violation messages, overwhelming IT support resources.
   - roles: IT Support Staff, Help Desk Agents
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Policy Management Challenges
Admins may face challenges in managing and updating existing DLP policies to align with the new restrictions, potentially leading to misconfigurations and compliance risks.
   - roles: DLP Administrators, Compliance Officers
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced User Experience through Policy Transparency
With the new app or app group restriction support in Microsoft Edge, users will receive DLP notices when attempting to access restricted files. This transparency can improve user understanding of compliance policies and reduce frustration caused by unexpected access denials.
   - next-steps: Develop a communication plan to inform users about the new DLP notices and the reasons behind them. Provide training sessions or materials to help users understand the new policies.
   - roles: Compliance Officers, IT Administrators, End Users
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Streamlined Policy Management for Admins
The ability to configure app or app group restrictions directly in Purview simplifies the management of data loss prevention policies. This centralized control can lead to more efficient policy updates and enforcement across the organization.
   - next-steps: Review existing DLP policies to identify necessary updates for Edge compatibility. Train IT staff on the new configuration settings to ensure smooth policy management.
   - roles: IT Administrators, Security Officers
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Increased Compliance Monitoring Capabilities
The introduction of detailed policy violation messages allows for better tracking and reporting of compliance issues related to data access. This can enhance the organization's ability to monitor adherence to data protection regulations.
   - next-steps: Set up monitoring tools to analyze DLP violation reports generated by the new feature. Regularly review these reports to identify trends and areas for improvement in compliance training.
   - roles: Compliance Officers, Data Protection Officers, IT Administrators
   - references: https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#edge-support-for-apps-and-app-groups-preview

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only