Microsoft Purview and Entra Add Real-Time AI DLP
Summary
Microsoft has announced a public preview that extends data protection to the network layer using Microsoft Purview and Microsoft Entra. The integration helps organizations detect and block sensitive data moving to unmanaged SaaS, personal cloud storage, and generative AI apps in real time, reducing data leakage risk before exposure occurs.
Introduction
Microsoft is expanding data protection beyond endpoints and managed apps as sensitive information increasingly moves through SaaS platforms, personal cloud storage, and generative AI tools. For IT and security teams, this matters because traditional DLP often detects issues only after data has already left the organization.
What’s new
Microsoft has announced a public preview of network-layer data security powered by Microsoft Purview and Microsoft Entra.
Key capabilities include:
- Real-time detection and enforcement for sensitive data in transit
- Visibility into data shared with shadow AI tools, unmanaged SaaS apps, and personal cloud repositories
- The ability to block or limit exposure based on identity, user activity, and data sensitivity
- Correlated investigation workflows across Microsoft Purview, Microsoft Entra, and Microsoft Defender
- A unified policy model so Purview classification and DLP policies can also be enforced at the network layer through Entra
Microsoft says this approach helps protect data across browser sessions, SaaS usage, and AI interactions, including prompts, responses, and file uploads.
Why it matters for administrators
This update gives security teams more control over scenarios that have been difficult to govern with traditional tools. Examples include:
- Users pasting confidential data into consumer AI apps
- Uploading work files to personal cloud storage
- Sharing content through unmanaged webmail or SaaS apps
- Data exposure through unsanctioned plugins or add-ins
Because enforcement is identity-aware, policies can adapt to the user and their risk context instead of applying the same restriction to everyone. That can improve protection without adding unnecessary friction for end users.
Licensing and availability
The capability is available in public preview. Microsoft notes that network data security is included in Microsoft 365 E7 and is also available for customers with Purview ME5 (or equivalent) plus Entra Internet Access (or equivalent).
Next steps
Admins should review existing Purview classifications and DLP policies to determine whether they are ready for network-layer enforcement. It’s also a good time to identify unmanaged AI and SaaS usage patterns, assess licensing requirements, and evaluate the preview in a controlled rollout.
Organizations adopting AI at scale should pay close attention here: Microsoft is positioning this as a key step toward protecting sensitive data before it leaves the business, not after.
Need help with Entra ID?
Our experts can help you implement and optimize your Microsoft solutions.
Talk to an ExpertStay updated on Microsoft technologies