Forum Discussion
DSPM for AI - Block sensitive info from AI apps in Edge
This is still very new in Purview, so you are not alone in finding it tricky. The “DSPM for AI – Block sensitive info from AI apps in Edge” rule relies on several moving parts working together:
First, the machine must be onboarded to Purview with the Microsoft Purview extension for Edge installed and active, and the user must be signed in with their Entra ID account. Second, you need a Data Loss Prevention (DLP) policy in Purview that explicitly targets “Microsoft Edge for Business” under the cloud apps selector. Within that DLP policy, you add your sensitive information types or trainable classifiers, set the action to block, and choose the AI app category (this is what covers ChatGPT, Copilot, Gemini, etc., when accessed via Edge). Third, confirm that device compliance telemetry is flowing: in the Purview compliance portal under Activity explorer, you should start to see events from Edge once the extension is properly enforced.
When the rule does trigger, the end user experience is similar to other DLP enforcement in Edge. Suppose a user tries to paste or type a credit card number or other sensitive string into the AI app prompt. In that case, Edge intercepts it and shows a toast-style notification that “This content is blocked by your organization’s data loss prevention policy.” The text will not be submitted to the AI service. If you configure user overrides, the user can provide a justification and proceed; otherwise, the prompt is blocked.
If you are not seeing triggers, check three things: that your SIT definitions match the test data (use the “Test” function in the Purview compliance portal to validate), that your policy is scoped to the correct users and to “Microsoft Edge for Business,” and that the devices are running the latest Edge build with the Purview extension visible in the browser. Also note that it can take several hours for a new DLP policy to propagate to endpoints.
So the expected experience is a block notification in the browser itself, not a silent failure of the AI prompt.
Hit like if you found this approach helpful.
Hi Ankit,
Thank you for your response. The devices are onboarded and we have the extension deployed as well. I tested my SITs in Purview, and in my Activity explorer I see the AI sites visited as well as a DLP match for the other rule that I have configured (Endpoint DLP).
What do you mean by a DLP policy that targets Edge? This policy was activated via the DSPM for AI recommendations, and I have tried to create a new policy, and this is what I see. Can you clarify? After creating the policy, my locations are the AI apps.
Are there other settings to specify Microsoft Edge?