MC1183007 – Microsoft Purview DLP and Edge for Business: Inline data protection for file uploads to unmanaged GenAI apps

Product:

Intune, Microsoft Edge, Purview, Purview Communication Compliance, Purview Data Loss Prevention, Windows

Platform:

Online, Web, World tenant

Status:

Change type:

New feature, User impact, Admin impact

Links:

Details:

Summary:
Microsoft Purview DLP adds inline file upload protection in Edge for Business to prevent data leaks to unmanaged GenAI apps. Admins can enforce policies by file size, type, and sensitivity on Intune-managed Windows devices. Public preview starts mid-November 2025; general availability begins early December 2025.

Details:
[Introduction:]
We are introducing inline file upload protection for Microsoft Edge for Business to help prevent data leakage when users upload files to consumer generative AI (GenAI) apps in the browser. This complements the existing text upload protections available today for unmanaged GenAI apps and can be layered with Endpoint DLP protections. With this update, admins can detect and enforce inline protections on file uploads in Edge for Business. Policies can target file-specific conditions such as file size, file type, and sensitive information types, enabling organizations to audit or block activities for users on Intune-managed Windows devices.
This message is associated with Microsoft 365 Roadmap ID 518642.
[When this will happen:]
Public Preview: Begins mid-November 2025; expected to complete by early December 2025.
General Availability (Worldwide): Begins early December 2025; expected to complete by late December 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-11-05

updated:
2025-11-05

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Modification of DLP Policies
The introduction of inline file upload protection modifies how DLP policies are enforced in Edge for Business, potentially leading to unintentional blocking of legitimate file uploads if policies are not reviewed and updated accordingly.
   - roles: Admins, Security Officers
   - references: https://learn.microsoft.com/purview/dlp-browser-dlp-learn, https://learn.microsoft.com/purview/dlp-policy-reference

User Experience Disruption
Automated behaviors may block the use of unprotected browsers for users included in blocking policies, which could disrupt user workflows and lead to frustration if not communicated properly.
   - roles: End Users, IT Support
   - references: https://learn.microsoft.com/purview/dlp-create-policy-block-to-ai-via-edge#help-prevent-sharing-via-microsoft-edge-for-business-to-unmanaged-ai-apps-from-managed-devices

Compliance Monitoring Challenges
The change alters how admins can monitor and report on compliance activities, which may lead to gaps in compliance reporting if admins are not prepared to adapt to the new visibility and control features.
   - roles: Compliance Officers, Admins
   - references: https://learn.microsoft.com/purview/collection-policies-policy-reference#cloud-apps-detection, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=518642

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Data Protection Policies
With the introduction of inline file upload protection, organizations can create more granular DLP policies that target specific file types, sizes, and sensitivity levels. This enables better compliance and reduces the risk of data leaks when employees interact with unmanaged GenAI apps.
   - next-steps: Review and update existing DLP policies to incorporate new inline protections. Train IT and security teams on the new capabilities to ensure effective policy enforcement.
   - roles: IT Security Administrators, Compliance Officers, Data Protection Officers
   - references: https://learn.microsoft.com/purview/dlp-browser-dlp-learn, https://learn.microsoft.com/purview/dlp-policy-reference

Improved User Experience with Data Uploads
By automating the blocking of unprotected browsers for users under certain policies, the user experience is streamlined. This minimizes the potential for accidental data leaks and provides a smoother workflow for employees while using Edge for Business.
   - next-steps: Communicate the changes to end-users and provide training on the new protections in place. Gather feedback to assess user experience post-implementation.
   - roles: End Users, IT Support Staff, Training Coordinators
   - references: https://learn.microsoft.com/purview/dlp-create-policy-block-to-ai-via-edge#help-prevent-sharing-via-microsoft-edge-for-business-to-unmanaged-ai-apps-from-managed-devices

Increased Visibility and Monitoring
The new inline protections enhance the visibility and control that admins have over file uploads to unmanaged GenAI apps. This allows for better monitoring of compliance and risk management strategies.
   - next-steps: Set up reporting mechanisms to track file upload attempts to unmanaged apps and analyze compliance data. Train compliance and IT teams on how to leverage the new monitoring capabilities effectively.
   - roles: Compliance Officers, IT Security Administrators, Data Analysts
   - references: https://learn.microsoft.com/purview/collection-policies-policy-reference#cloud-apps-detection, https://learn.microsoft.com/purview/dlp-policy-reference

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only