Automatic activation of your Microsoft Purview DLP policy in Microsoft Edge

After you create a collection or DLP policy in Purview targeting user interactions with unmanaged apps in Microsoft Edge, the Microsoft Edge management service automatically creates the required configuration policies to activate DLP policies in Edge for Business. These settings use Microsoft Intune policies to activate your Purview policies in Microsoft Edge. For users included in Purview policies with block actions, these settings also block the users from using unprotected browsers.

What happens when users are blocked from using unprotected browsers

When these settings are applied, users are blocked from accessing unmanaged AI apps in unprotected browsers where the policies don't apply. The user experience in Edge for Business isn't impacted, however:

• In Chrome with Purview extension: Use of the browser might be allowed depending on extension status and policy scope. If allowed, access to a dynamic set of generative AI apps is blocked. For more information and a list of apps, please see: manage enterprise secure AI settings
• In Firefox and other browsers: Use of these browsers is blocked. For more information please see: Block other browsers.

A user must be in scope in both a Purview DLP policy and an Edge configuration policy with the required settings in order for the Purview DLP policy to apply.

View configuration policies in the Microsoft Admin Center

Follow these steps to view the configurations policies:

1. Go to the Microsoft 365 admin center.
2. Sign in and select Settings > Microsoft Edge.
3. Select the policy to view more information.

Manually activate your Microsoft Purview DLP policy in Microsoft Edge

Edge configuration policies that activate Purview policies in Edge can be configured manually by Admins.

Step 1: Create a configuration policy for Microsoft Edge

Follow the steps to create a new configuration policy, in brief:

1. For policy type, choose “Cloud policy.”
2. Settings aren’t required.
3. Extension settings aren't required.
4. Scope to include all users in your tenant, or security groups containing the same or a superset of the users scoped in your Purview policies.
5. Click Save.

Step 2: Turn on Microsoft Edge settings

After creating the configuration policy, turn on the settings that help prevent users from avoiding the Purview protections, by blocking them from using unprotected browsers. To turn on these settings:

1. In the newly created policy, select the Customization Settings tab.

FAQs

Can these policies be edited?

Automatically created policies are read-only and can be updated by making updates to the policies in Purview. Configuration policies update automatically when updates are made to Purview policies targeting unmanaged apps in the browser.

Can these policies be deleted?

Automatically created policies can be deleted but will be recreated the next time there is a successful sync with Purview policies. For manually created policies, if you’re an admin, you can delete the configuration policy that was deployed to users or uncheck the feature configuration.

1. Go to the policy.
2. Click Delete.
3. In the side panel, acknowledge and confirm the changes.
4. Click Delete.

On other configuration policies, will my other settings work if I check the “Block other browsers” box?

No, the “Block other browsers” box takes precedence over all other settings. Only one setting can be turned on at a time.

Can I sync changes manually?

Yes, a manual sync option is available on the Edge settings overview page. Admins can sync by clicking the Microsoft Purview DLP protections card.

See also

• Microsoft Edge Enterprise landing page