Listen to this Post
With the rapid evolution of Generative AI (GenAI), organizations face growing concerns about data leakage and unauthorized sharing of sensitive information. Microsoft’s new real-time discovery feature for typed prompts in AI applications helps mitigate these risks by preventing users from submitting restricted data to GenAI tools like Gemini.
How It Works
1. Integrated Security Stack:
- Microsoft 365 E5 tenant with Entra ID, Intune, Defender for Endpoint, and Microsoft Purview.
- Policies span Information Protection, Conditional Access, Defender for Cloud Apps, and Insider Risk Management.
- Adaptive Protection and Data Security Posture Management (DSPM) provide deep analytics.
2. Endpoint & Browser Control:
- Managed Edge with Purview extension (also supports Firefox & Chrome).
- Endpoint DLP blocks unauthorized transfers to USB, personal cloud, or restricted AI apps.
3. Real-Time Prompt Blocking:
- If a user (e.g., Alex Wilber) attempts to type “crown jewels” (classified data) into a GenAI prompt, the system blocks submission in real-time.
You Should Know: Key Commands & Configurations
Microsoft Purview & DLP Policies
Enable Endpoint DLP
Set-DlpPolicy -Identity "Strict Data Protection" -EndpointProtection Enabled
Apply Sensitivity Labels
Set-LabelPolicy -Identity "Confidential Data" -AdvancedSettings @{
"BlockGenAIPrompts" = $true
}
Defender for Cloud Apps (MCA) Logs
Check risky GenAI app usage Get-MCASDiscovery -ActivityType "AI_App_Usage" -RiskScore High
Conditional Access for AI Apps
New-ConditionalAccessPolicy -Name "Block GenAI for Sensitive Data" -Applications "Gemini, ChatGPT" -BlockAccess -WhenSensitivityLabel "TopSecret"
Linux/MacOS (via Intune/MDM)
Verify Purview extension in Firefox/Chrome ls /usr/lib/microsoft-edge/production/purview-extension Force policy sync (macOS) sudo profiles renew -type enrollment
What Undercode Say
Microsoft’s approach combines real-time monitoring, granular policy enforcement, and adaptive AI-driven security to prevent data leaks. Key takeaways:
– Blocking all GenAI apps is not scalable—controlled access with Purview & DLP is better.
– Endpoint DLP ensures USB, cloud, and AI app restrictions are enforced.
– Real-time prompt analysis closes the last loophole where users could type sensitive data before submission.
For security teams, the focus should be on:
- Deploying Purview extensions on all browsers.
- Classifying “crown jewels” with sensitivity labels.
- Auditing AI app usage via Defender for Cloud Apps.
Expected Output:
Policy "Block GenAI for Sensitive Data" applied successfully. Endpoint DLP enabled. Real-time prompt blocking active for labeled data.
References:
Reported By: Christianjbergstrom Datasecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
