See the latest Microsoft Entra capabilities to control AI and web use, prevent risky uploads, and modernize private app access without legacy VPN friction.
One theme is crystal clear across the security industry: AI is transforming security, and security must transform with it. Organizations everywhere are embracing generative AI to boost productivity and accelerate innovation. But with this rapid adoption comes new challenges that security teams can’t ignore:
- Which AI tools are your employees using?
- Is sensitive data being uploaded to unsanctioned services?
- How do you prevent AI-specific attacks like prompt injection?
- How do you secure private apps without slowing down users?
These aren’t hypothetical questions. They’re the reality for every organization today. And the answer starts with identity.
Identity: The foundation for AI and app security
Traditional network security was built for a time when users, devices, and applications were mostly on-premises and predictable. Today, employees work from anywhere on any device, and generative AI and SaaS apps often sit outside the corporate perimeter. Static controls struggle to keep pace, creating gaps that increase risk.
That’s why we built Microsoft Entra Internet Access and Microsoft Entra Private Access within the Global Secure Access platform. These solutions extend Zero Trust protections to web, SaaS, AI, and private-app traffic. They provide the visibility and control organizations need to embrace AI and hybrid work with confidence—without slowing innovation.
A key capability of Microsoft Entra Internet Access is the Secure Web and AI Gateway, which applies identity-centric network controls to web and AI traffic. Identity-based network security ties access decisions to the user’s sign-in risk, device posture, and data sensitivity—not just an IP address or network location. This approach delivers consistent protection everywhere users work, reduces risk, and helps organizations scale AI adoption securely across the enterprise.
Late last year, we introduced most of the capabilities in public preview at Microsoft Ignite. Today, we’re excited to share the latest features now generally available in Microsoft Entra Internet Access and Private Access and to announce brand-new capabilities in public preview.
Figure 1: Microsoft’s identity-centric Secure Access Service Edge (SASE) solution.
Public preview: More flexibility for diverse environments
Microsoft Entra Internet Access & Microsoft Entra Private Access
We’re introducing new capabilities in public preview, giving you more options to secure every scenario:
- BYOD with client in Microsoft Entra Private Access lets you enforce Zero Trust for unmanaged devices, so employees and contractors can securely access private apps without compromising security or user experience.
- Explicit Forward Proxy for Microsoft Entra Internet Access extends secure web access to agentless and legacy devices using PAC file-based proxy configuration.
- Secure Browser Integration enables Intune-managed Microsoft Edge to route internet traffic through Microsoft Entra Internet Access using Explicit Forward Proxy with TLS termination and inspection, delivering deep visibility and policy enforcement for secure browsing.
- Shadow MCP visibility identifies unauthorized or high‑risk MCP servers on the network traffic and surfaces MCP data paths, logs, and observability to help monitor and manage AI‑related risk.
These new features help you reduce risk across every device type, simplify deployment, and deliver consistent protection everywhere.
Now generally available: New AI security capabilities
Microsoft Entra Internet Access
AI adoption is accelerating, but so are the risks. Employees often experiment with AI tools without IT approval, creating compliance and data security gaps. With Microsoft Entra Internet Access, you can see what is happening, protect what matters, and simplify how you manage it all.
- Shadow AI discovery gives you visibility into unsanctioned AI tools and SaaS apps so you can uncover unknown risks and make informed decisions before enforcing policy.
- Prompt Injection Protection helps block malicious prompts that could trick AI models into exposing sensitive data, reducing AI-specific attack risk without slowing innovation.
- Network content filtering prevents sensitive files from being uploaded to unsanctioned AI services, reducing compliance risk and data loss.
- URL filtering and threat intelligence block access to risky or malicious sites, enforce acceptable use policies, and reduce data leakage.
- Cloud firewall for remote networks provides advanced network-layer protection for traffic from remote sites, enabling granular policy enforcement and reducing exposure to threats.
- iOS support and remote network connectivity extend protection everywhere your users work.
The result is simple. Your teams can use AI tools to work smarter while you maintain control and reduce risk without introducing friction.
Figure2: Demo of prompt injection protection.
Now generally available: New capabilities for modernizing app connectivity
Microsoft Entra Private Access
While Internet Access secures your web and AI traffic, Microsoft Entra Private Access helps you replace legacy VPNs with Zero Trust Network Access for private apps:
- External User Access enforces Zero Trust for partners and contractors, simplifying onboarding while maintaining strong security.
- Intelligent Local Access improves user experience by routing traffic efficiently, reducing latency, and delivering consistent security without unnecessary backhauling.
- The result is a better experience for users and simpler operations for your IT teams.
Ready to secure AI and modernize identity?
- Watch the Microsoft Entra Showcase webinar
- Watch the Microsoft Entra Mechanics video for a deep dive into AI-aware protections
- Start your journey today: Entra Suite Trial
-Sinead O’Donovan | VP of Product Management, Identity and Network Access
Additional resources
- Securing the AI era starts with identity
- Microsoft Entra Internet Access | Microsoft Security
- https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-private-access
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft