Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
After you create a DLP policy in Purview, you must turn on the appropriate settings in Microsoft Edge configuration polcies. These settings helps prevent users from bypassing Purview protections by using non-compliant browsers.
Learn more about how to turn on Microsoft Edge settings for users in a policy.
Important
As a prerequisite, create a DLP policy in Purview before you turn on these settings in Microsoft Edge.
What happens when these settings are applied
When these settings are applied, users in scope are blocked from accessing unmanaged AI apps in non-compliant browsers where the policies don't apply. The user experience in Edge for Business isn't impacted, however:
- In Chrome with Purview extension: Access may be allowed depending on extension status and policy scope.
- In Firefox and other browsers: Access to unmanaged apps is blocked for users in scope of the Edge configuration policy.
A user must be in scope in both a Purview DLP policy and an Edge configuration policy with the required settings in order for the Purview DLP policy to apply.
Step 1: Set up an Edge Management Service in Admin Center settings
To complete application in Edge for Purview DLP policies targeting cloud apps, you must also have an Edge Management Service configuration policy configured with settings that block non-compliant browsers.
- Go to the Microsoft 365 admin center.
- Sign in and select Settings > Microsoft Edge.
Step 2: Create a configuration policy for Microsoft Edge
Follow the steps to create a new configuration policy, in brief:
- For policy type, choose “Cloud policy.”
- Include the same users scoped in the DLP policy.
- Settings aren’t required.
- You don’t need to modify the dropdown.
- Add security groups or all users in the tenant. tenant.
- Click Save.
Step 3: Turn on Microsoft Edge settings
After creating the configuration policy, turn on the settings that help prevent users from avoiding the Purview protections, by blocking them from using noncompliant browsers.
To turn on these settings:
- In the newly created policy, select the Customization Settings tab.
Tip
Anytime you edit settings in this tab, they appear in the “Settings” page.
- Select Security settings.
- Check the box titled “Block use of cloud apps in browsers where Purview in-browser protections doesn’t apply.”
- Click Save changes.
Note
When a user signs in to Microsoft Edge for Business on a managed device using their EntraID credentials, the Edge configuration policy settings are applied.
Delete the configuration policy with the Purview DLP policies
If you’re an admin, you can delete the configuration policy that was deployed to users or uncheck the feature configuration.
To delete the configuration policy:
- Go to the policy.
- Click Delete.
- In the side panel, acknowledge and confirm the changes.
- Click Delete.
To uncheck the feature configuration box:
- Go to the policy.
- Select the Customization Settings tab.
- Select Security settings.
- Uncheck the box titled “Block use of cloud apps in browsers where Purview in-browser protections don’t apply.”
- Click Save changes.
FAQs
Will my other settings work if I check the “Block other browsers” box?
No, the “Block other browsers” box takes precedence over all other settings. Only one setting can be turned on at a time.
Can I use manual and automated configurations with this new feature?
This setting can be applied manually and a semi-automated configuration is available on the Edge settings overview page. Admins can create an Edge configuration policy scoped to all users and apply the required Purview settings by clicking the Microsoft Purview DLP protections card.