Securing the AI era starts with identity

Generative AI (GenAI) is quickly transforming how organizations innovate, collaborate, and compete. Adoption rates are impressive, with 75% of knowledge workers already using it. Yet only one in four enterprise AI initiatives are properly secured.

Identity and Security leaders cite data leakage to GenAI tools as their top concern, and just 9% of organizations feel prepared to address risks like prompt injection attacks, Shadow AI, and fragmented security controls. Without a cohesive approach to securing AI, enterprises risk losing control of sensitive data.

Introducing the first identity-centric secure web & AI gateway

At Ignite 2025, Microsoft unveiled a breakthrough in AI security: Microsoft Entra Internet Access now includes a secure web and AI gateway. This brings AI-aware protections into the network layer to close security gaps introduced by the shift to modern work that traditional tools can’t address.

Key capabilities in Public Preview:

• Shadow AI Detection helps you discover unsanctioned AI tools through Cloud Application Analytics, Defender for Cloud Apps risk scoring, and Microsoft’s Cloud App Catalog. This empowers security teams to monitor usage trends and apply Conditional Access policies to control access to AI apps or to block high-risk apps instantly.
• Network File Filtering blocks uploads or downloads based on file type. It can also inspect file content and metadata in transit, integrating with Microsoft Purview to enforce Sensitive Information Types and Exact Data Match policies. This prevents uploading of regulated or confidential data to unsanctioned AI services.
• Prompt Injection Protection inspects AI traffic inline and blocks malicious prompts in real time by extending Azure AI Prompt Shields to the network layer. This ensures consistent protection across all AI apps, agents, and LLMs without requiring you to rewrite your applications.

With these capabilities, you can give employees the freedom to experiment with GenAI while maintaining compliance and reducing risk.

                                                                  Figure 1: Secure access and protect AI with a secure web and AI gateway.

Extend universal run-time protection to any AI application

Microsoft Entra Internet Access doesn’t just secure connectivity, it enables responsible, accelerated adoption of GenAI. Because Internet Access brings AI-aware protections directly into the network, they seamlessly extend to any AI app in use—no re-coding necessary.

Stop prompt injection before it reaches the model

Imagine an attacker crafting a manipulative prompt that overrides safeguards to extract sensitive data. Traditional tools like endpoint protection or app-level filters often fail to stop this kind of attack because they weren’t built to inspect AI-specific traffic or to enforce policies across diverse AI services. Since they operate at the device or application level, these tools leave openings when employees use multiple GenAI apps across browsers and clouds.

The secure web & AI gateway changes the game by extending Azure AI Prompt Shields to the network layer, building on proven Microsoft AI security. It intercepts and blocks malicious prompts before they ever reach the model, enforcing policies across every device, OS, and browser. Protection works across on-premises, multi-cloud, and hybrid environments, delivering uniform security—no SDKs, updates, or retrofitting required. Every app, including Microsoft 365 Copilot, is protected as-is.

Prevent sensitive data leakage to AI services

Employees who upload files to AI tools or websites risk data exfiltration, IP leakage, and compliance violations. Network File Filtering addresses this by blocking uploads or downloads based on file type—such as executable, spreadsheet, or PDF—and by inspecting files for sensitive information through integration with Microsoft Purview. Purview applies Sensitive Information Types and Exact Data Match policies to stop transfers of regulated or confidential data, preventing exposure.

Detect and control shadow AI

New application insights and analytics capabilities help identify GenAI tools observed in network traffic to address the risk of Shadow AI bypassing corporate policies. They work hand-in-hand with Microsoft Defender for Cloud Apps, which matches any app discovered against Microsoft’s Cloud App Catalog and applies a risk score based on compliance, security posture, and usage patterns. Security teams can apply Conditional Access policies to sanction or block apps instantly based on these risk scores, on usage trends, or even on geo-political considerations.

Secure AI agents and MCP servers

AI agents connecting to external MCP servers can open doors to data exfiltration. Secure Web and AI Gateway enforces strict boundaries at the network layer with URL filtering that allows approved agent connections and blocks unsanctioned MCP servers. Combining this capability with identity-centric controls from Microsoft Entra, organizations can apply fine-grained policies—such as requiring MFA for access to certain AI tools or enforcing geo-restrictions—across Windows, macOS, iOS, and Android. The result is uniform, identity-driven protection across every AI interaction, closing gaps that device-level controls simply can’t.

Fully integrated into Microsoft’s SASE solution, Secure Web and AI Gateway provides a seamless, unified experience for administrators.

                                                                             Figure 2: Microsoft Entra Suite Ignite Session video.

Along with AI security advancements, we’re also strengthening the broader foundation of Microsoft Entra Internet Access with:

• Threat intelligence filtering blocks known malicious sites using continuously updated threat intelligence.
• Remote networks for Internet traffic extends Microsoft Entra Internet Access protections to branch offices and remote sites without requiring the Global Secure Access client.
• Cloud firewall for remote networks applies centrally-managed, identity-driven firewall policies, adding advanced threat filtering at the network edge.

Beyond Secure Web and AI Gateway: Microsoft Entra Suite innovations that transform identity security

Identity is the most strategic control point for security and governance in a world of AI-driven, hybrid work. Microsoft Entra Suite brings automation, intelligence, and context-aware access to every identity, app, and environment. This helps organizations advance beyond static policy controls to dynamic, identity-driven security that adapts to risk, reduces operational overhead, and secures access everywhere.

Automate least privilege

New Microsoft Entra Identity Governance capabilities make least-privilege enforcement more automated, contextual, and adaptive across the identity lifecycle:

• User-centric access reviews evaluate access across critical apps and resources to pinpoint excessive or outdated privileges for each individual user. This makes it easier to reduce privilege creep and improve remediation accuracy.
• Identity and insider risk-based entitlement management automatically initiates an additional approval workflow to access request when identity risk or insider threat indicators are detected, mitigating threats before they escalate.
• My Access enhancements, such as suggested access packages, dynamic approval, on-behalf of request, and the ability to delegate approvals, empower managers and delegates to review, approve, and act on access requests directly with built-in accountability. This shifts responsibility for governance from IT to business owners while ensuring decisions remain auditable and policy-driven.
• Lifecycle workflows via custom security attributes automatically align access to job changes, compliance needs, and security requirements, triggering automated onboarding, offboarding, or job-change actions based on role, clearance, or custom security attributes.

These new least-privilege capabilities transform governance from an overly manual process into one that’s smarter and self-regulating. Least privilege enforcement becomes dynamic and identity-aware, continuously tightening access based on user behavior, business context, and risk.

Modernize access for all apps

New Microsoft Entra capabilities simplify and secure access to every application—SaaS, cloud-native, and on-premises—by extending Zero Trust principles beyond the network perimeter:

• Intelligent local access routes access to on-premises apps and resources using smart, identity-based controls—without VPNs or manual configurations—providing a seamless user experience.
• Passwordless remediation enables secure, self-service recovery for lost passkeys, so users can stay productive without compromising security.

These capabilities help organizations modernize access with frictionless a user experience, intelligent routing, and identity at the core—enabling secure, adaptive connectivity for every app, device, and location.

Ready to secure AI and modernize identity?

• Watch the Ignite breakout session: Accelerate Zero Trust & Secure AI Access for live demos and customer stories
• Watch the Microsoft Entra Mechanics video for a deep dive into AI-aware protections
• Start your journey today: Entra Suite Trial

 

-Igor Sakhnov

Corporate Vice President, Deputy CISO, Identity

 

Learn more about Microsoft Entra  

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds. 

• ⁠Microsoft Entra News and Insights | Microsoft Security Blog
• ⁠⁠Microsoft Entra blog | Tech Community
• ⁠Microsoft Entra documentation | Microsoft Learn
• Microsoft Entra discussions | Microsoft Community