← Back
Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer
MC1181769 · build prod-20251231-200323
Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-10-31 00:10:10
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
Services
Microsoft Purview
Tags
New feature, Admin impact
Master tags
Security, Network
Roadmap IDs
522096

One-line summary

Public preview of Purview DLP integration with Entra Global Secure Access enables network-layer inspection and enforcement to protect sensitive files from being shared with unmanaged cloud apps.

Similar updates

More like this
MC1182008 Microsoft Purview: Inline protection for sensitive data shared over the network with non-Microsoft SASE integrations
Microsoft Purview: Inline protection for sensitive data shared over the network with non-Microsoft SASE integrations Purview DLP integrates with iboss and Netskope SASE platforms to inspect and protect inline web traffic, extending DLP to unmanaged cloud apps and generative AI, starting mid-November 2025. Microsoft Purview Data Loss Prevention.
MC1182689 (Updated) Microsoft Purview | New Copilot Security Controls in Microsoft Admin Center
(Updated) Microsoft Purview | New Copilot Security Controls in Microsoft Admin Center Microsoft Purview adds new DLP and security features in Admin Center to help admins monitor and control Copilot data sharing, with public preview starting mid-November 2025. Updated November 12, 2025: We have updated the content. [Introduction] To help.
MC1181768 Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies
Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies Microsoft Purview will enhance audit logging and enforce Entra conditional access for eDiscovery admins; non-compliant admins will be blocked from SharePoint content in Purview. To strengthen Microsoft’s security posture, we’re introducing .
MC1199763 Microsoft Purview | Data Security Investigations – Introducing new purge mitigation action
Microsoft Purview | Data Security Investigations – Introducing new purge mitigation action Microsoft Purview Data Security Investigations will add a new purge mitigation action by early 2026, allowing admins to delete sensitive or overshared content during investigations. Enabled by default, it respects exist. [Introduction] We’re introducing a.
MC1199765 Microsoft Purview: Role management update
Microsoft Purview: Role management update Microsoft Purview will map certain admin roles to new Microsoft Entra roles to enhance security and synchronize permissions automatically by March 2026. High-privileged Purview roles will correspond to three Entra roles. [Introduction] To strengthen security when Microsoft Purview interacts with.
MC1192256 Microsoft Purview | Data Loss Prevention- Admin units support for Microsoft SharePoint Online
Microsoft Purview | Data Loss Prevention- Admin units support for Microsoft SharePoint Online Admins can now assign SharePoint Online sites to administrative units in Purview DLP, enabling more granular policy scoping by unit. Rollout starts mid-December 2025. [Introduction] We’re adding support for assigning Microsoft SharePoint Online sites.

Details

RoadmapIds
522096
Summary
Microsoft Purview DLP policies will integrate with Entra Global Secure Access Internet Access to inspect and control sensitive file traffic at the network layer. Public preview starts mid-November 2025, enabling granular policy enforcement across unmanaged cloud apps, with centralized alert management in Purview and Defender.
Platforms
Web

Body (from Message Center)

[Introduction]

To help organizations better protect sensitive files in transit, we're introducing a public preview for extending Microsoft Purview Data Loss Prevention (DLP) policies to the network through integration with Entra Global Secure Access Internet Access. Through this integration, organizations can intercept and inspect file traffic at the network layer and enforce actions based on DLP policy conditions. It helps prevent sensitive files from being shared with untrusted cloud applications through browsers, apps, APIs, add-ins, and more—including generative AI platforms, cloud storage, and content-sharing services—while managing alerts and incidents through Purview and Microsoft Defender.

This message is associated with Roadmap ID 522096.

[When this will happen:]

  • Public preview: Rollout begins mid-November 2025 and completes by mid-December 2025.
  • General availability: Rollout begins mid-June 2026 and completes by mid-July 2026.

[How this affects your organization:]

  • Who is affected: Microsoft 365 tenants with E3 or E5 licenses; Admins managing Microsoft Purview DLP and Entra Global Secure Access.
  • What will happen:
    • A new “Inline Web Traffic” scenario will be available in Purview DLP policy creation.
    • Admins can configure granular policies and rules to detect and protect sensitive files transmitted to over 35,000 unmanaged cloud applications.
    • Policy matches, alerts, and incidents will be managed centrally in Microsoft Purview and Microsoft Defender.
    • The feature will be available by default but requires configuration to activate.

[What you can do to prepare:]

  • Ensure your GSA administrator configures the following in Entra Global Secure Access:
    • Enabled the internet access traffic profile and ensure the correct user assignments apply.
    • Configure TLS inspection and configure a TLS inspection policy.
    • Create a file policy and add a rule that specifies the action "Scan with Purview".
    • Configure a security profile with the above policies and link it to a conditional access policy.
  • Your global admin must activate Purview pay-as-you-go to enable this capability. No charges will apply during public preview.
  • Review your current DLP and network configurations to assess impact.
  • Communicate this change to helpdesk and security teams.
  • Update internal documentation to reflect new policy options.
  • For more details, refer to: Learn about data loss prevention

[Compliance considerations:]

Compliance Area Explanation
Alters how existing customer data is processed Sensitive file traffic is inspected at the network layer before reaching unmanaged cloud apps.
Introduces AI/ML capabilitiesDLP policies may interact with generative AI platforms to prevent data leakage.
Modifies DLP enforcementAdds network-layer enforcement to existing Purview DLP capabilities.
Adds integration to extend Purview DLP controls Integrates with Entra Global Secure Access Internet Access.
Includes admin controlControlled via Purview and Entra admin portals.
Can be controlled through Entra ID group membership Policy scoping can leverage Entra ID groups.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Configure internet access traffic profile in Entra GSA",
      "Set up TLS inspection and policies",
      "Create file policy with \u0027Scan with Purview\u0027 action",
      "Link security profile to conditional access policy",
      "Activate Purview pay-as-you-go",
      "Review DLP and network configurations",
      "Communicate changes to helpdesk/security teams",
      "Update internal documentation"
    ],
    "ai_master_tags": [
      "Security",
      "Network"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Public preview of Purview DLP integration with Entra Global Secure Access enables network-layer inspection and enforcement to protect sensitive files from being shared with unmanaged cloud apps.",
    "ai_topics": [
      "Purview",
      "Entra",
      "Defender"
    ],
    "category": "stayInformed",
    "details_map": {
      "Platforms": "Web",
      "RoadmapIds": "522096",
      "Summary": "Microsoft Purview DLP policies will integrate with Entra Global Secure Access Internet Access to inspect and control sensitive file traffic at the network layer. Public preview starts mid-November 2025, enabling granular policy enforcement across unmanaged cloud apps, with centralized alert management in Purview and Defender."
    },
    "id": "MC1181769",
    "importance": 1,
    "is_major_change": false,
    "last_modified": "2025-10-31T00:10:10Z",
    "ms_products": [
      "Purview"
    ],
    "platforms": "Web",
    "roadmap_ids": [
      "522096"
    ],
    "services": [
      "Microsoft Purview"
    ],
    "severity": "normal",
    "tags": [
      "New feature",
      "Admin impact"
    ],
    "title": "Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer"
  }
}