MC1183007 – (Updated) Microsoft Purview DLP and Edge for Business: Inline data protection for file uploads to unmanaged GenAI apps

Product:

Intune, Microsoft Edge, Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention, Windows

Platform:

Online, Web, World tenant

Status:

In development

Change type:

Admin impact, New feature, Updated message, User impact

Links:

518642

Details:

Summary:
Microsoft Purview DLP now offers inline file upload protection in Edge for Business to prevent data leaks to unmanaged GenAI apps. Admins can enforce policies based on file size, type, and sensitivity on Intune-managed Windows devices. Public preview starts late November 2025; general availability begins mid-January 2026.

Details:
Updated December 15, 2025: We have updated the timeline. Thank you for your patience.
[Introduction:]
We are introducing inline file upload protection for Microsoft Edge for Business to help prevent data leakage when users upload files to consumer generative AI (GenAI) apps in the browser. This complements the existing text upload protections available today for unmanaged GenAI apps and can be layered with Endpoint DLP protections. With this update, admins can detect and enforce inline protections on file uploads in Edge for Business. Policies can target file-specific conditions such as file size, file type, and sensitive information types, enabling organizations to audit or block activities for users on Intune-managed Windows devices.
This message is associated with Microsoft 365 Roadmap ID 518642.
[When this will happen:]
Public Preview: Begins late November 2025 (previously mid-November); expected to complete by early December 2025.
General Availability (Worldwide): Begins mid-January 2026 (previously early December 2025) (previously late November); expected to complete by end of January 2026 (previously mid-December 2025).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-11-05

updated:
2025-12-18

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Modification of DLP Policies
The change modifies how DLP policies are enforced in Edge for Business, potentially leading to unintentional data leaks if not properly configured.
   - roles: Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/dlp-browser-dlp-learn, https://learn.microsoft.com/purview/dlp-policy-reference

User Experience Disruption
Automated behaviors may block users from using unprotected browsers, leading to frustration and disruption in workflow if users are not informed beforehand.
   - roles: End User, IT Support
   - references: https://learn.microsoft.com/purview/dlp-create-policy-block-to-ai-via-edge#help-prevent-sharing-via-microsoft-edge-for-business-to-unmanaged-ai-apps-from-managed-devices, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=518642

Compliance Monitoring Changes
Admins gain new visibility and control over file uploads, which may require additional training and adjustment in monitoring practices.
   - roles: Compliance Officer, Security Admin
   - references: https://learn.microsoft.com/purview/collection-policies-policy-reference#cloud-apps-detection, https://learn.microsoft.com/purview/dlp-policy-reference

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Data Protection and Compliance Monitoring
The inline file upload protection allows for more granular control over what data can be uploaded to unmanaged GenAI apps, significantly reducing the risk of data leaks. This feature enables organizations to better enforce compliance with data protection regulations by preventing sensitive data from being shared inappropriately.
   - next-steps: Review and update existing DLP policies to include the new file upload conditions. Train security and compliance teams on the updated capabilities and ensure they are aware of the enhanced monitoring features.
   - roles: Compliance Officers, Security Administrators, IT Managers
   - references: https://learn.microsoft.com/purview/dlp-browser-dlp-learn, https://learn.microsoft.com/purview/dlp-create-policy-block-to-ai-via-edge#help-prevent-sharing-via-microsoft-edge-for-business-to-unmanaged-ai-apps-from-managed-devices

Improved User Experience with Inline Protections
By implementing inline protections, users will receive immediate feedback when attempting to upload sensitive files to unmanaged GenAI apps. This real-time interaction can help educate users on data handling policies and reduce the likelihood of accidental data breaches.
   - next-steps: Communicate the changes to end-users and provide training on the implications of these new protections. Gather feedback on user experience to identify any areas for improvement.
   - roles: End Users, Training Coordinators, IT Support Staff
   - references: https://learn.microsoft.com/purview/dlp-policy-reference, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=518642

Streamlined IT Administrative Tasks
The automated blocking of unprotected browsers for users included in blocking policies simplifies IT management. Admins can spend less time manually enforcing policies and more time on strategic initiatives, as the system will handle compliance enforcement automatically.
   - next-steps: Evaluate current browser usage policies and adjust them to align with the new automated features. Monitor compliance reports to ensure the new protections are functioning as intended.
   - roles: IT Administrators, Network Managers, Compliance Officers
   - references: https://learn.microsoft.com/purview/collection-policies-policy-reference#cloud-apps-detection, https://learn.microsoft.com/purview/dlp-create-policy-block-to-ai-via-edge#help-prevent-sharing-via-microsoft-edge-for-business-to-unmanaged-ai-apps-from-managed-devices

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is enhancing its data protection capabilities with a new feature in Microsoft Purview Data Loss Prevention (DLP) that integrates directly into Microsoft Edge for Business. This update aims to prevent sensitive data from being accidentally shared through file uploads to unmanaged generative AI (GenAI) applications. Think of it like a security guard at the entrance of a building, checking what items are being taken out to ensure nothing valuable or sensitive leaves without permission.

For organizations using Intune-managed Windows devices, administrators can now set specific rules for file uploads based on criteria like file size, type, and the sensitivity of the information contained within the files. This is similar to setting up a filter in your email to sort messages based on certain keywords or sender addresses. If a file meets certain conditions, the system can either block the upload or allow it but keep a record for auditing purposes.

This feature is particularly useful for businesses concerned about data leaks when employees use consumer GenAI apps that are not managed by the organization. By integrating these protections directly into the browser, Microsoft Edge for Business acts like a gatekeeper, ensuring that only approved data can be shared outside the company’s secure environment.

The rollout of this feature will begin with a public preview in late November 2025, with general availability expected by mid-January 2026. Administrators managing Microsoft Purview DLP policies and Edge for Business will be able to extend their existing data protection strategies to include these new file upload controls. This means that no immediate action is required, but it’s advisable for security and Edge administrators to review and update their current policies to incorporate these new capabilities.

In summary, this update is about adding an extra layer of security to protect sensitive information from being inadvertently shared through unmanaged applications, ensuring that businesses can maintain control over their data in an increasingly digital and interconnected world.