メインコンテンツへスキップ

Deploy Endpoint and Browser DLP Policies for AI Data Locations

Implementation Effort: Medium – Requires configuring endpoint DLP policies scoped to AI-accessible data locations, deploying browser DLP for AI interactions in Microsoft Edge, and optionally leveraging DSPM for AI one-click policy deployment to accelerate coverage.
User Impact: Medium – Users on onboarded devices will experience restrictions when attempting to copy, paste, or upload sensitive content to AI sites; browser-level DLP in Edge will block or warn when sensitive data flows through AI interactions in the browser.

Overview

Server-side DLP policies configured at the Microsoft 365 Copilot and Agent 365 locations prevent AI services from processing highly classified content. However, those policies only control what happens within the AI service itself — they do not govern what happens on the user's device or in the browser after content has been retrieved. Endpoint DLP and browser DLP extend data loss prevention enforcement to the client side, closing the gap between server-side policy and client-side behavior.

Endpoint DLP policies scoped to AI data locations restrict what users can do with sensitive content on their onboarded devices. When a user accesses a SharePoint site that contains AI-grounded data, endpoint DLP can block copy-to-clipboard actions, restrict printing, prevent saving to unauthorized locations, and control upload to cloud services — all based on the sensitivity label or sensitive information type present in the content. For AI scenarios, this matters because even when server-side DLP prevents Copilot from including highly classified content in a response, users may still access those same documents directly and attempt to move the content through client-side actions. Endpoint DLP ensures that the protection follows the data to the device level.

DSPM for AI provides a one-click DLP policy deployment that accelerates endpoint DLP coverage for AI-accessible sites. Rather than manually identifying each site, library, and folder that AI workloads access and scoping endpoint DLP policies to each one individually, the one-click policy uses DSPM's inventory of AI data locations to generate a preconfigured DLP policy covering the most relevant sites. This is a practical accelerator for organizations with large SharePoint environments where manual scoping would be prohibitively time-consuming.

Browser DLP for AI interactions in Microsoft Edge adds a further enforcement layer. When users interact with AI services through Edge — including Copilot in the browser, enterprise AI apps, and web-based AI tools — browser DLP policies can detect and block sensitive data in prompts before it is submitted to the AI service. This is a different threat vector than the server-side scenario: rather than preventing AI from surfacing sensitive content, browser DLP prevents users from inputting sensitive content into AI services. This is particularly relevant for enterprise AI apps that are not covered by the Microsoft 365 Copilot DLP location — browser DLP acts as a catch-all enforcement point at the browser boundary.

This activity supports Assume Breach by enforcing data protection controls across multiple layers — server, endpoint, and browser — so that a failure or bypass at any single layer does not result in uncontrolled data exposure. It supports Use Least Privilege Access by restricting client-side actions on sensitive content to only what is authorized by policy, regardless of whether the user accessed the content through an AI interaction or directly. Without client-side DLP enforcement, server-side DLP policies create a false sense of security — highly classified content is blocked from Copilot responses, but the same content can be freely copied, printed, or uploaded from the user's device through other channels. Threat actors who compromise an endpoint can exfiltrate AI-adjacent sensitive content through client-side actions that server-side policies cannot see.

Reference