
Enhancements to the Microsoft Purview data governance platform and Entra identity management will protect data in motion – in real time — across AI and SaaS applications.
The company said these enhancements address a growing use case of organizational data moving between trusted endpoints and unmanaged, or unsanctioned, shadow AI apps, as well as web and SaaS applications. It’s also closing a gap in traditional data loss prevention technology, which lacks real-time visibility and policy enforcement. The new features contrast with traditional tools’ static boundaries, an approach that breaks down when data is moving continuously between systems and apps.
These latest enhancements are an additional step in the vendor community’s moves to build out security capabilities that reflect the new complexities of AI software, including shadow AI work resulting from widely available AI tools.
How It Works
Microsoft has extended key functions of Purview and Entra so they apply to data moving between systems – also known as the network layer. By bringing together data context from Purview and identity-aware enforcement from Entra in real time, several new security functions are enabled. They include:
- Detecting how sensitive data is shared to shadow AI tools, unmanaged SaaS apps, and personal cloud repositories
- Blocking or limiting data exposure in real time based on identity, user activity, and data context
- Unifying investigation workflows by correlating identity, data, and insider risk signals across Purview, Entra, and Microsoft’s Defender, which protects against malware, phishing, and ransomware.
With these features, organizations can apply protections dynamically based on data sensitivity, the user and their network identity, and that user’s past behavior including interactions with sensitive data. The protections apply to data across browser sessions, SaaS usage, and AI prompts and responses.
The new features are powered by a unified policy model; policies defined in Purview for the corporate data estate are also enforced at the network layer. This reduces the need to juggle multiple point security tools and it ensures that data is secured holistically.
Specific scenarios that are now protected — which includes prevention of data leakage — include:
- Text, such as AI prompts, that’s entered directly into unmanaged apps and email services
- Files that are uploaded to personal cloud storage repositories
- Files and text that could be scanned and processed by unsanctioned plugins or add-ins
- Files and text that are shared outside of a managed browser session
The new features are available in public preview.
More AI and Security Insights:
- Customers Lack Confidence in Agents for Security
- Microsoft Governance Tools Ensure AI Agents Play Within The Rules at Runtime
- Microsoft Outlines Security, Governance, and Interoperability Features Coming to Agent 365
For a 36-Hour Immersion into the FY27 Priorities that define Partner Success in the AI Era, join us at the AI Business Solutions Partner Executive Summit, running July 29-30, 2026, in Renton, WA. Register today.



