Lab 8 — Browser DLP
Configure Browser DLP to prevent sensitive data from being submitted to AI tools and external web forms. Validate from the end-user perspective.
A1. Part A — Enable Browser DLP [Alex]
Policy → Browser DLP → Configuration
Enable the following:
- Clipboard monitoring: detects paste operations
- Form field inspection: inspects text typed or pasted into web input fields
- File attachment scanning: inspects files attached to web forms
A2. Create a GenAI Prompt Policy [Alex]
Create a new rule named:
| Field | Value |
|---|---|
| Detection Engine | Financial Data Detection |
| Destination Category | Generative AI Tools |
| Applications in scope | ChatGPT, Gemini, Copilot, Claude, Perplexity |
| Trigger | Paste OR form submit containing sensitive data |
| Action | Block submission |
| User notification | Enabled |
A3. Test GenAI Scenario [Kevin]
Navigate to: https://chat.openai.com
Copy the following from the lab desktop and paste it into the ChatGPT prompt:
Attempt to submit. Observe:
- Submission is blocked before reaching ChatGPT
- Notification appears: "Submission blocked — sensitive data detected"
- Incident is generated in the admin console
B1. Part B — Create a Web Form Policy [Alex]
Create a second rule named:
| Field | Value |
|---|---|
| Detection Engine | Financial Data Detection |
| Destination | All external web (excluding sanctioned internal apps) |
| Trigger | Form submit containing sensitive data |
| Action | Warn — require user confirmation before proceeding |
| Notification | You are about to submit sensitive data to an external site. Confirm this is authorized. |
B2. Test Web Form Scenario [Kevin]
Navigate to the test form site (URL provided on lab desktop). Submit a form containing:
Observe the warning dialog and the confirmation choice presented to Kevin. Kevin can proceed — and that decision is now logged.
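The two rules from Parts A and B can be modelled as a single decision function. This is an added JavaScript example, not the DLP product's engine or code from this lab. Assumptions: a Luhn-checked card-number match stands in for Financial Data Detection, and every hostname other than chat.openai.com, the rule labels, and the sanctioned host are hypothetical.

```javascript
// Added illustration of the lab's two rules; not the DLP product's engine.
// Assumed: every hostname except chat.openai.com, the rule labels, and the detector.
const GENAI_HOSTS = new Set(["chat.openai.com", "gemini.google.com",
  "copilot.microsoft.com", "claude.ai", "www.perplexity.ai"]);
const SANCTIONED_HOSTS = new Set(["expenses.corp.example"]); // hypothetical internal app

// Luhn checksum filters out most digit runs that are not card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Stand-in for "Financial Data Detection": 13-19 digits, optional space or
// dash separators, passing Luhn.
function containsFinancialData(text) {
  const candidates = text.match(/\b\d(?:[ -]?\d){12,18}\b/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// event: { type: "paste" | "submit", url: string, text: string }
function evaluate(event) {
  const host = new URL(event.url).hostname;
  if (!containsFinancialData(event.text)) return { action: "allow", rule: null };
  // GenAI rule: paste OR form submit to an in-scope AI tool is blocked.
  if (GENAI_HOSTS.has(host)) return { action: "block", rule: "genai-prompt" };
  // Web form rule: form submit to any non-sanctioned site warns and logs.
  if (event.type === "submit" && !SANCTIONED_HOSTS.has(host)) {
    return { action: "warn", rule: "web-form" };
  }
  return { action: "allow", rule: null };
}

// Constructed sample events (4111 1111 1111 1111 is a well-known test card number).
const card = "Refund to card 4111 1111 1111 1111 please";
console.log(evaluate({ type: "paste", url: "https://chat.openai.com/", text: card }));
console.log(evaluate({ type: "submit", url: "https://forms.example.org/x", text: card }));
console.log(evaluate({ type: "paste", url: "https://forms.example.org/x", text: card }));
```

The third event is allowed because the web form rule triggers on form submit only, while the GenAI rule also triggers on paste.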
- Why can't proxy-based DLP reliably inspect ChatGPT or Gemini traffic?
- When should the action be Block vs. Warn? What factors influence that choice?
- How does Browser DLP shift the model from "network perimeter" to "data perimeter"?
- What additional browser scenarios would you want to protect in your environment?
Browser DLP operates inside the browser process — covering WebSocket streams, clipboard paste, and form submissions that a proxy cannot inspect.
Labs 6, 7, and 8 together close all three exfiltration vectors: network upload, device copy, and browser submission. Warn is often better than Block for general web forms: it educates without breaking workflows, and the decision is logged for Priya to review.
Key technical point: ChatGPT uses WebSocket streaming. A proxy sees opaque encrypted traffic. Browser DLP sees the actual text being typed.
The warn vs. block discussion is valuable — it leads naturally into conversations about user trust, workflow impact, and policy tuning.
Strong closing line: "Alex has now built protection across every channel. In Module 3, Priya picks up the incidents Kevin generated and closes the loop."
Tenant Switch Required
Module 2 is complete. Switch back to the Enterprise Tenant (Tenant 1) before beginning Module 3. Log out of the Lab Tenant and use the Enterprise Tenant credentials provided by your facilitator.