Seal the gaps: new Microsoft Purview data security controls for the browser & network
- welka2111
- Mar 24
- 4 min read
Introduction
Microsoft Purview is stepping up its game again, and this time, they’re bringing data security to the network layer and Microsoft Edge for Business. As someone who helps organisations implement Microsoft Purview, I’m always keen to see how they’re evolving their tools to meet modern security challenges. And with AI-powered workflows and browser-based work becoming the new norm, this latest expansion couldn’t have come at a better time.
Table of contents
New data security controls: extending protection to the network and browser
Microsoft has always had a solid approach to data security - building protection right where data is created, stored, and moved. They started by integrating Purview security controls into Microsoft 365 apps, ensuring data protection within the very tools people use every day. From there, they expanded to Teams, Power BI, Fabric, and even Microsoft 365 Copilot. Then they took it a step further, bringing security to Windows and macOS devices using an agentless model that simplifies deployment.
But work habits keep changing. Employees now rely heavily on AI tools and spend more time in the browser than ever. Recognising this shift, Microsoft is now rolling out Purview data security capabilities for the network layer and Edge for Business. With these additions, Purview now provides layered protection across cloud, email, endpoints, network, and browsers - covering every angle of data security.
Inline data discovery for the network
Previously, Purview’s cloud and endpoint data loss prevention (DLP) solutions allowed organisations to block or allow data use within specific applications. But with so many employees interacting with unmanaged SaaS apps, personal cloud storage, and AI tools, organisations need more control over where their sensitive data is going.
To address this, Microsoft is opening Purview’s classification and DLP policies to a broader ecosystem of secure access service edge (SASE) solutions. Integrating Purview with a preferred SASE provider allows organisations to apply the same security controls at the network layer - expanding visibility and control over sensitive data even in unmanaged environments.
The best part? This happens in real-time, at cloud scale, so there’s no latency while policies wait for on-premises classification. Admins can prevent data from being leaked to untrusted locations before it ever leaves the organisation’s perimeter.
Early partners & preview availability
Microsoft is kicking things off with Netskope, iboss, and Palo Alto Networks - leaders in the SASE and security space. Inline discovery of sensitive data will be available in public preview from early May with Netskope and iboss, while Palo Alto Networks Prisma Access integration is coming later this year. More partners will be added soon.
Why this matters
Having deeper insight into how data moves across networks means organisations can strengthen security without stifling productivity. By pairing Microsoft Purview with SASE solutions, businesses can bridge the gap between data security and network visibility, creating a more robust, adaptive security framework.
The new SASE integration will help organisations detect and prevent data from being sent to risky locations, even when employees are using desktop applications like Slack, Box sync apps, or non-Microsoft browsers like Opera or Brave.
Some real-world examples:
An employee mistakenly uploads customer account details to a third-party Slack channel.
Someone installs an unsanctioned GPT plugin in Word and tries to summarise a confidential document.
With these new capabilities, Purview Data Security Posture Management (DSPM) and Activity Explorer can now capture these events, giving admins detailed insights into potential data leaks. These insights can then drive better security policies, ensuring data doesn’t end up in the wrong hands.
And it doesn’t stop there. Over time, these network insights will also feed into Insider Risk Management, helping security teams detect behavioural patterns that might indicate potential insider threats.
Inline data protection in Edge for Business
Web applications are where most employees interact with data, so having built-in protection at the browser level is a no-brainer. Microsoft is rolling out inline protection for Edge for Business, allowing organisations to prevent data leakage as users interact with web apps and AI tools.
For instance, if someone tries to type sensitive information directly into a ChatGPT prompt or an email draft, Purview’s new inline protection can block the action in real-time. This feature is available even without endpoint DLP (in my opinion, this is a very impressive choice), making it an easy win for organisations looking to boost security without additional deployment complexity.
Initially, it will support top AI apps like ChatGPT, Google Gemini, and DeepSeek, but Microsoft plans to expand coverage to more unmanaged apps, including collaboration, social media, and email platforms.
Adaptive protection for AI apps
One particularly exciting aspect is how adaptive protection will tailor enforcement based on user risk level. For example:
Low-risk users might be blocked from submitting prompts containing highly classified data.
High-risk users might be blocked from submitting any sensitive data to external AI apps.
And because Purview DSPM continuously analyses data risk, admins will get proactive policy recommendations based on real-world data interactions, ensuring security keeps up with evolving threats.
Protecting data on unmanaged devices
Remote work and BYOD (Bring Your Own Device) policies are the norm for many businesses. Microsoft is addressing this by extending Purview’s data security controls to unmanaged Windows and macOS devices, as long as users log into Edge for Business with their work account.
For example:
A contractor using a personal MacBook logs into Edge for Business.
They try to download employee records from a company portal.
Purview policies block the download while allowing access to general resources like benefits brochures.
You can also currently block download of sensitive files on unmanaged devices if you use Defender for Cloud Apps in conjunction with Conditional Access where you enforce a Conditional Access App Control and optionally have a session policy in place if you want to customise this further.
This ensures secure access without needing full device management, making it a great option for organisations with contractors, frontline workers, or BYOD setups.
Conclusion
This latest expansion of Purview’s capabilities shows that Microsoft isn’t just keeping up with security trends - they’re setting them. By bringing data protection to the network layer and the browser, they’re making it easier for organisations to build a truly layered security strategy without adding complexity.
If you’re working with Microsoft Purview already, these updates are definitely worth exploring. If you’re not, this might just be the push to start thinking seriously about modern data security in the AI-driven workplace.
コメント