Services
Affected Platforms
Summary
Microsoft Purview now detects sensitive data shared over networks, integrating with Secure Access Service Edge (SASE)/Security Service Edge (SSE) solutions to inspect traffic and identify data sent to unmanaged cloud apps. Admins can create granular policies and manage them centrally via the Purview portal. Activation and configuration by admins are required.
Details
Updated November 12, 2025: We have completed rollout of this feature. Thank you!
Coming soon: You will be able to extend Microsoft Purview to the network layer by integrating Purview with your preferred Secure Access Service Edge (SASE) / Security Service Edge (SSE) solution. Through this integration, admins can intercept and inspect traffic flowing through the network layer to identify the presence of sensitive data. This enables admins to detect sensitive data shared with untrusted cloud applications through browsers, applications, APIs, add-ins, and more, including common generative AI, cloud storage, and content sharing services. The signals from inline discovery for the network further enrich Purview solutions including Data Security Posture Management (DSPM) and Insider Risk Management (IRM), helping admins better understand how to reduce data exfiltration risks to locations outside of their organization. Learn more: Building layered protection: New Microsoft Purview data security controls for the browser & network | Microsoft Community Hub (March 24, 2025).
This message is associated with Microsoft 365 Roadmap ID 488807.
When this will happen:
Public Preview: We will begin rolling out early May 2025 and expect to complete by late May 2025.
General Availability (Worldwide): Now available.
How this will affect your organization:
After this rollout, using the new collection policies option in Purview under Classifiers, you will be able to create granular policies to detect sensitive data that’s being sent to 34,000+ unmanaged cloud applications by defining what sensitive information types you want to detect and for who. These policies are designed to discover relevant signals from data in transit without executing any enforcement actions on that data.
After integrating with one of our already-integrated Secure Access Service Edge (SASE) / Security Service Edge (SSE) partners, data security admins will be able to centrally create and manage policies for the network from the Purview portal.
What you need to do to prepare:
After rollout, the new policies and features will be available by default for you to enable and configure. These integrations require action by your Purview Data Security and Compliance admins to enable discovery in your organization before any signals will start to be collected, including configuring a SASE/SSE integration and creating a collection policy that targets unmanaged cloud apps.
Also, your global admin will need to activate Purview pay-as-you-go meters to enable this capability. We will update this message in May 2025 with pricing details.
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.