What Purview Browser Extension provides on top of Endpoint DLP
While Endpoint DLP and the Microsoft Purview Browser Extension are both part of the same ecosystem, they operate at different layers. Think of Endpoint DLP as the “security guard” for the entire computer, while the Browser Extension is the “specialist” for activity happening inside non-Microsoft browsers (Chrome and Firefox).
Without the extension, Endpoint DLP can see that a file was “touched” or “moved,” but it often lacks the granular context of what happened inside the browser window.
Key features provided by the extension
The primary value of the extension is content-level visibility and enforcement inside Chrome and Firefox, which matches the native capabilities of Microsoft Edge.
| Feature | Endpoint DLP (Alone) | Purview Browser Extension |
| --- | --- | --- |
| Cloud Uploads | Can block file transfers to external storage, but may miss specific web-based uploads. | Granularly audits/blocks uploads to specific “restricted service domains” (e.g., personal Gmail or Dropbox). |
| Paste into Web Forms | Generally cannot stop a user from typing or pasting sensitive text into a web field. | Blocks/audits pasting of content that matches sensitive information types (SITs) into web forms (e.g., pasting PII into ChatGPT). |
| Print from Browser | Can block the OS print spooler, but often lacks the context of what was being printed from a tab. | Context-aware printing control specifically for items opened within the browser session. |
| Sensitive Site Monitoring | Limited. Can block access to “unallowed browsers” entirely. | Enables the use of Chrome/Firefox while still enforcing “Sensitive Service Domain” restrictions. |
| Insider Risk Signals | Collects basic file signals. | Collects browser-specific signals (like navigation to high-risk sites) for Insider Risk Management. |
Key additional capabilities the extension provides:
- Paste-to-browser blocking — The paste-to-browser action is supported in Edge and Chrome (with the Purview extension). Endpoint DLP on its own treats copy-paste of text differently, since text copied from apps isn’t always classified as a file operation.
- Inline content inspection in web forms — The extension can detect and block sensitive data being typed or pasted directly into web forms, chat interfaces, and AI tools within the browser. Endpoint DLP focuses on file-level operations (upload, copy to USB, print, save to network share).
- Shadow AI governance — The extension works with Endpoint DLP, Insider Risk Management, and DSPM for AI to detect when users copy, paste, or upload sensitive data into unapproved AI sites.
- Insider Risk Management signals — Purview Insider Risk Management requires the extension to be installed to monitor and take action on activities in the Chrome browser.
- Chrome and Firefox support — For Microsoft Edge this functionality is built in (version 138 and later), but for Chrome and Firefox, the extension is required to enforce browser-level DLP policies.
In summary: Endpoint DLP handles file-system-level operations (file uploads, USB copies, printing, clipboard at the OS level), while the browser extension extends visibility and enforcement inside the browser session itself — particularly for inline content like typed or pasted text into web apps, AI tools, and unmanaged cloud services where no traditional file operation occurs.
