MC1181769: Microsoft Purview Adds Network-Layer DLP Enforcement via Entra Global Secure Access Integration

MWPRO IMPACT SCORE
OPERATIONAL IMPACT
60
0 25 50 75 100
HIGH IMPACT • REVIEW RECOMMENDED
Recommended Action:
Review the update and plan any required actions before rollout.
What is MWPro Impact Score? Watch our 60‑second explainer

Primary Audience

Microsoft 365 AdminsSecurity TeamsCompliance TeamsIT ManagersService Owners
Why this score?
AI Confidence
HIGH
Enough detail is available to trust this assessment.
Assessment Reasoning
The announcement shifts the general availability window to September 2026, extending the timeline but confirming the change is still planned. This feature introduces network-layer DLP enforcement through integration with Entra Global Secure Access, requiring configuration steps across Purview and Entra admin portals. Admin impact is high due to new policy options, TLS inspection setup, conditional access linkage, and necessary updates to documentation and governance. User impact remains low as changes are mostly backend, though security teams must communicate potential new behaviour to stakeholders. Urgency is moderate since the change is active and upcoming within 2–3 months, demanding planning and configuration ahead of GA.
78
🛡️ Admin Impact
18
👥 User Impact
60
Urgency
72
🔧 Effort
ℹ️ WHAT YOU NEED TO KNOW
📌

AT A GLANCE

Purview DLP can now work with Entra Global Secure Access to block sensitive files at the network level. This extends protection beyond apps and devices.
👥

END USERS

No major end-user change expected.
🛡️

IT ADMINS

Requires setup in Entra and Purview, TLS inspection, updating policies, and informing security and support teams.
📅

ROLLOUT TIMELINE

Upcoming:
September 2026

📢 Official Microsoft Message Center Announcement


Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer
Message ID: MC1181769 (Updated)

Updated July 17, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

To help organizations better protect sensitive files in transit, we’re introducing a public preview for extending Microsoft Purview Data Loss Prevention (DLP) policies to the network through integration with Entra Global Secure Access Internet Access. Through this integration, organizations can intercept and inspect file traffic at the network layer and enforce actions based on DLP policy conditions. It helps prevent sensitive files from being shared with untrusted cloud applications through browsers, apps, APIs, add-ins, and more—including generative AI platforms, cloud storage, and content-sharing services—while managing alerts and incidents through Purview and Microsoft Defender.

This message is associated with Roadmap ID 522096.

[When this will happen:]

  • Public preview: Rollout begins mid-November 2025 and completes by mid-December 2025.
  • General availability: Rollout begins September 2026 (previously mid-June) and completes by end of September 2026 (previously mid-July).

[How this affects your organization:]

  • Who is affected: Microsoft 365 tenants with E3 or E5 licenses; Admins managing Microsoft Purview DLP and Entra Global Secure Access.
  • What will happen:
    • A new “Inline Web Traffic” scenario will be available in Purview DLP policy creation.
    • Admins can configure granular policies and rules to detect and protect sensitive files transmitted to over 35,000 unmanaged cloud applications.
    • Policy matches, alerts, and incidents will be managed centrally in Microsoft Purview and Microsoft Defender.
    • The feature will be available by default but requires configuration to activate.

[What you can do to prepare:]

  • Ensure your GSA administrator configures the following in Entra Global Secure Access:
    • Enabled the internet access traffic profile and ensure the correct user assignments apply.
    • Configure TLS inspection and configure a TLS inspection policy.
    • Create a file policy and add a rule that specifies the action “Scan with Purview”.
    • Configure a security profile with the above policies and link it to a conditional access policy.
  • Your global admin must activate Purview pay-as-you-go to enable this capability. No charges will apply during public preview.
  • Review your current DLP and network configurations to assess impact.
  • Communicate this change to helpdesk and security teams.
  • Update internal documentation to reflect new policy options.
  • For more details, refer to: Learn about data loss prevention

[Compliance considerations:]

Compliance Area Explanation
Alters how existing customer data is processed Sensitive file traffic is inspected at the network layer before reaching unmanaged cloud apps.
Introduces AI/ML capabilitiesDLP policies may interact with generative AI platforms to prevent data leakage.
Modifies DLP enforcementAdds network-layer enforcement to existing Purview DLP capabilities.
Adds integration to extend Purview DLP controls Integrates with Entra Global Secure Access Internet Access.
Includes admin controlControlled via Purview and Entra admin portals.
Can be controlled through Entra ID group membership Policy scoping can leverage Entra ID groups.

Source: Microsoft Message Center • Analysed by MWPro

<<< [MC1181769] Archive
Tooltip: View earlier revisions of this post

Latest Posts

Pass It On
Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply