![Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer [MC1181769]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-ben-neale-123878-380337-1024x683.webp "Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer [MC1181769] 1")
[Introduction]
To help organizations better protect sensitive files in transit, we’re introducing a public preview for extending Microsoft Purview Data Loss Prevention (DLP) policies to the network through integration with Entra Global Secure Access Internet Access. Through this integration, organizations can intercept and inspect file traffic at the network layer and enforce actions based on DLP policy conditions. It helps prevent sensitive files from being shared with untrusted cloud applications through browsers, apps, APIs, add-ins, and more—including generative AI platforms, cloud storage, and content-sharing services—while managing alerts and incidents through Purview and Microsoft Defender.
This message is associated with Roadmap ID 522096.
[When this will happen:]
- Public preview: Rollout begins mid-November 2025 and completes by mid-December 2025.
- General availability: Rollout begins mid-June 2026 and completes by mid-July 2026.
[How this affects your organization:]
- Who is affected: Microsoft 365 tenants with E3 or E5 licenses; Admins managing Microsoft Purview DLP and Entra Global Secure Access.
- What will happen:
- A new “Inline Web Traffic” scenario will be available in Purview DLP policy creation.
- Admins can configure granular policies and rules to detect and protect sensitive files transmitted to over 35,000 unmanaged cloud applications.
- Policy matches, alerts, and incidents will be managed centrally in Microsoft Purview and Microsoft Defender.
- The feature will be available by default but requires configuration to activate.
[What you can do to prepare:]
- Ensure your GSA administrator configures the following in Entra Global Secure Access:
- Enabled the internet access traffic profile and ensure the correct user assignments apply.
- Configure TLS inspection and configure a TLS inspection policy.
- Create a file policy and add a rule that specifies the action “Scan with Purview”.
- Configure a security profile with the above policies and link it to a conditional access policy.
- Your global admin must activate Purview pay-as-you-go to enable this capability. No charges will apply during public preview.
- Review your current DLP and network configurations to assess impact.
- Communicate this change to helpdesk and security teams.
- Update internal documentation to reflect new policy options.
- For more details, refer to: Learn about data loss prevention
[Compliance considerations:]
| Compliance Area | Explanation |
|---|---|
| Alters how existing customer data is processed | Sensitive file traffic is inspected at the network layer before reaching unmanaged cloud apps. |
| Introduces AI/ML capabilities | DLP policies may interact with generative AI platforms to prevent data leakage. |
| Modifies DLP enforcement | Adds network-layer enforcement to existing Purview DLP capabilities. |
| Adds integration to extend Purview DLP controls | Integrates with Entra Global Secure Access Internet Access. |
| Includes admin control | Controlled via Purview and Entra admin portals. |
| Can be controlled through Entra ID group membership | Policy scoping can leverage Entra ID groups. |
Source: Microsoft
Latest Posts
- Updates available for Microsoft 365 Apps for Current Channel [MC1181780]
- Microsoft Teams: File attachment control now enabled by default in external 1:1 and group chats [MC1181772]
- Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies [MC1181768]
- Introducing the employee self-service agent in Microsoft 365 Copilot Studio [MC1181770]
![Microsoft Copilot Studio: Introducing the pre-purchase plan (P3) [MC1181771]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-alexasfotos-32112166-96x96.webp "Microsoft Copilot Studio: Introducing the pre-purchase plan (P3) [MC1181771] 6")