Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Introduction
Watermarking Protection in Microsoft Edge helps organizations visibly reinforce data protection policies by overlaying a persistent watermark on sensitive content viewed in the browser. This feature is designed to deter unauthorized sharing, support compliance efforts, and increase user awareness when handling confidential information.
When enabled, watermarking appears automatically on content that meets sensitivity criteria such as pages labeled via Microsoft Purview or those subject to Data Loss Prevention (DLP) enforcement. The watermark is rendered by the browser and can't be removed or altered by the user.
Requirements
To use Watermarking Protection, your organization must meet the following prerequisites:
- Microsoft Edge version 142 or later
- Microsoft 365 E5 (preferred) or E3 licensing
- Admin access to the Edge Management Service portal
- Targeted Release enabled for your tenant
Admin Experience
Admins can enable watermarking through the Edge Management Service (EMX) by creating a test profile and configuring the watermarking toggle.
Steps to Enable:
- Go to the Edge Management Service portal.
- Create a test profile and assign it to a desired scope group. Note: It should be scoped to user identity, not device.
- In the Security Settings page, turn on the Watermarking toggle.
Where Watermarking Shows Up
| Surface Type | Supported |
|---|---|
| Regular browser tabs | ✔️ |
| Split screen tabs | ✔️ |
| Pop-up windows and app windows | ✔️ |
| Local PDFs with sensitivity labeling | ✔️ |
| MIP-labeled PDFs | ✔️ |
| Printing and screenshots | ✔️ |
| Sidebar and Shoreline surfaces | ❌ (planned for future) |
| Reading mode | ✔️ |
Watermark Overlay Details
When watermarking is triggered, users see a semi-transparent overlay across the content area. These strings are rendered consistently across supported surfaces and can't be modified by the user. The default string is:
“Confidential – Don't share”
Username
Timestamp
When using Microsoft Edge’s watermarking protection, it’s important to understand how and when watermarks are applied. Watermarking isn’t applied purely because a sensitivity label exists. It’s tied to enforcement actions. Watermarking isn't triggered simply by the presence of a sensitivity label on a document. Instead, the watermark appears when the labeling policy enforces specific restrictions such as blocking copy, upload, etc. This means that if you expect a file or site to be watermarked, you should ensure it's receiving DLP restriction from a provider (like Purview, Session Policies, Intune, etc.). Watermarking acts as a visible indicator that additional data loss prevention controls are active, helping reinforce organizational policies and increase user awareness. For best results, review your Purview label policies to confirm that enforcement actions are set for the labels where watermarking is desired. This ensures that sensitive Office documents are protected not only by labeling, but also by the appropriate restrictions and visible watermarks in Edge.
Additional customization options such as dynamic watermarking with variables like username, timestamp, or QR code will be available in future releases. These enhancements will be governed by Purview session policies, expected to arrive in CY2027, and will allow richer control over watermark behavior across managed browsers and apps.
Feedback and support
This experience is supported by Microsoft Support. You can reach out to Microsoft Support to report issues or give feedback. You can also leave feedback in our TechCommunity forum.