Announcements at Microsoft Ignite include capabilities to manage, protect, and govern agents, secure workforce access to AI, and prevent attacks with multilayered defenses.
Agentic AI is front and center as Microsoft welcomes security professionals to Ignite this week in San Francisco.
Advancements in AI and agents are already assisting identity and network access teams in frontier firms.[1] For example, a recent Microsoft study[2] found that admins using the Conditional Access Optimization Agent in Microsoft Entra completed key tasks 43% faster and with 48% more accuracy. This includes an incredible 204% improvement in detecting missing baseline policies.
But cybercriminals and nation-state threat actors are also using AI to unleash more advanced and harder-to-detect campaigns.[3] This creates a dilemma for security professionals:
How do I help my organization move fast with AI while managing risk effectively?
The good news for those who’ve deployed Microsoft Entra is that you’re already ahead. Entra, which unifies identity and network access solutions, is still the foundation of your Zero Trust strategy for the Era of Agentic AI. In fact, for nine consecutive years, Microsoft has been named a Leader in the Gartner® Magic Quadrant™ for Access Management—which I believe illustrates our commitment to excellence.
And today, we’re launching powerful enhancements to Microsoft Entra to help you stay ahead by:
- Managing, protecting, and governing agents efficiently.
- Securing workforce access to AI resources.
- Empowering your team with Microsoft Entra agents.
- Strengthening your security posture via multilayer access controls.
⏰ Tune in for today’s Ignite session with Joy Chik, Microsoft Entra: What's New in Secure Access on the AI Frontier at 1:00 PM PST.
Manage, protect, and govern AI agents
When we released the initial preview of Microsoft Entra Agent ID in May, we learned that few organizations understood how many agents were in their environment. Before you can securely manage, protect, and govern this new type of identity, you need visibility. Then you need the right controls, because agent sprawl can quickly lead to excessive permissions, orphaned accounts, and increased risk.
Today we announced an expanded Public Preview of Microsoft Entra Agent ID, so you can secure access for AI agents with the same infrastructure you trust for your workforce identities.
Get insights on agents in your environment with Microsoft Entra Agent ID.
The new capabilities in Microsoft Entra Agent ID help you:
- Register and manage agents. Entra Agent ID gives you a complete inventory of your agent fleet, ensures that new agents get a built-in identity, and automatically protects them with your organization’s policies. An agent registry powers agent discoverability across your Microsoft Security stack, as well as in the Microsoft 365 admin center.
- Govern agent identities and lifecycles. Lifecycle management and IT-defined guardrails, for both agents and the people who create and manage them, keep your agent fleet under control. Access packages ensure that agent access is intentional, auditable, and time-bound.
- Protect agent access to resources. Identity protection, Conditional Access, and network controls reduce the risk of breaches, block risky agents, and prevent agent access to malicious resources. Threat intelligence filtering, file upload/download restrictions, and URL filtering block agent access to malicious internet destinations.
📺 Watch the Ignite session Secure access for AI agents with Microsoft Entra at 3:45PM today to see the new capabilities of Microsoft Agent ID.
Microsoft Entra Agent ID is included in Microsoft Agent 365, the control plane for agents
Microsoft Entra Agent ID serves as the identity foundation, Zero Trust policy engine, and enforcer of least privilege access for the new Microsoft Agent 365, the control plane for agents announced today at Ignite.
It takes the same infrastructure that you trust to manage and secure your people and extends it to agents, equipping frontier organizations with leading Microsoft security, productivity, and collaboration solutions. It uses Microsoft Entra to secure agent access to resources, Microsoft Purview to protect and govern data that agents use and create, and Microsoft Defender to shield agents from threats and vulnerabilities. To accelerate productivity and human-agent workflows, Agent 365 taps into Work IQ, Microsoft 365, Power Apps, and Power BI. Management and visibility come together in one place: the Microsoft 365 admin center.
Agent 365 isn’t just for agents from Microsoft. It’s for making any agent enterprise-ready with minimal effort. Because it’s open by design, Agent 365 can govern and secure agents built in-house or by third parties. In fact, we’ve been working across our partner ecosystem from the start, and leading vendors are already using our SDK to integrate their agents.
- Get access to the public preview of Microsoft Entra Agent ID.
- Read technical documentation for Microsoft Entra Agent ID on Microsoft Learn.
- Read the announcement blog for Microsoft Entra Agent 365.
Protect your workforce as they use AI
AI is powering new business models and user experiences—but it’s also introducing new risks. To provide your users with fast and seamless access to AI while safeguarding against threats, the Microsoft Entra Suite is adding new capabilities.
First, we’re expanding Microsoft Entra Internet Access to secure access to and usage of generative AI (GenAI) at the network level. Our Secure Web Gateway (SWG) is now a Secure Web and AI Gateway. It allows you to secure, govern, and monitor network access to any AI or agent from any provider, running on any platform.
AI-centric capabilities now in Public Preview include:
- Prompt injection protection blocks malicious prompts in real time by extending Azure AI Prompt Shields to the network layer—ensuring consistent protection across all AI apps, agents, and LLMs without per-app retrofitting.
- Network file filtering inspects file content and metadata in transit and integrates with Microsoft Purview to enforce Sensitive Information Types and Exact Data Match policies—preventing regulated or confidential data from being uploaded to unsanctioned AI services.
- Shadow AI detection provides deep visibility into unsanctioned AI tools through Cloud Application Analytics and Defender for Cloud Apps risk scoring—empowering security teams to monitor usage trends and apply Conditional Access or block high-risk apps.
- Block unsanctioned MCPs blocks employee access to MCP servers by URL.
With these controls, you can accelerate GenAI adoption while maintaining compliance and reducing risk, so employees can experiment with new AI tools safely.
🗓️ Watch the Microsoft Ignite session Microsoft Entra Suite: Accelerate Zero Trust and Secure AI Access.
- Watch this Microsoft Mechanics video about Microsoft Entra Internet Access.
- Learn more at the Microsoft Entra Internet Access webpage.
Prevent attacks with multilayered access controls
According to the latest Microsoft Digital Defense Report, identity-based attacks increased by 32% in the first half of 2025, likely because adversaries are adopting AI. Not only are these attacks occurring more frequently, but they’re also becoming more sophisticated.
For example, AI-automated phishing emails achieved 54% click-through rates while human-created phishing emails achieved 12%. And deepfakes—using AI to create highly realistic audio and visual content for malicious purposes—can fuel identity fraud without secure identity verification at critical points in the lifecycle, such as account recovery.
Cultivating strong identity and network fundamentals is more important than ever.
Phishing-resistant multifactor authentication (MFA) prevents 99.6% of identity-based attacks, but only for organizations that implement it. Today, we're announcing a Public Preview of Microsoft Entra ID enhancements that simplify MFA use, so organizations can move beyond passwords and fully enable passkeys. These enhancements include:
- Synced passkeys. Microsoft Entra now supports synced passkeys from Apple, Google, and other credential providers, which offers easy registration and authentication experiences while protecting against phishing.
- Passkey profiles. Support for granular, group-based configurations in the passkey authentication methods policy, so admins can specify different passkey types or providers for different user groups.
- Self-remediation for passwordless users. Risk-based access policies in Microsoft Entra Conditional Access now support auto-remediation of risks across all authentication methods, including passwordless ones. This revokes compromised sessions in real-time, enables frictionless self-service, and reduces help-desk load.
- Self-service account recovery. Users can regain access quickly with Verified ID Face Check and a government-issued ID if their device is lost or stolen, saving time for the Help Desk and strengthening the credential lifecycle.
Effective multilayered access control requires secure network access management and ongoing traffic monitoring for risks and threats. The following capabilities of Microsoft Entra Suite are now in Public Preview:
- User-centric access reviews. Admins can initiate periodic reviews focused on individual users across multiple business-critical applications and resources.
- Risk-based approval in entitlement management. Microsoft Entra ID Protection and Microsoft Purview Insider Risk Management signals are integrated into access package approval workflows. This inserts a mandatory risk-based approval step before the standard access package approval chain, ensuring elevated scrutiny for high-risk scenarios while preserving existing governance configurations.
- Threat intelligence filtering. Admins can automatically block known malicious sites (both FQDNs and URLs) and malicious destination IPs, based on threat intelligence sourced from multiple signals and systems deployed worldwide.
- URL filtering. Admin-configurable, context-aware URL filtering policies on web content can block or allow custom URLs based on rich context awareness (device, user, risk, location, etc.) leveraging Conditional Access integration.
- Guest access. Admins can enable external users from a different tenant to access private apps in a resource tenant.
👀 Check out the Entra + Defender session at Ignite on Wednesday: Identity Under Siege: Modern ITDR from Microsoft.
- Learn more about phishing-resistant multifactor authentication (MFA)
- Learn more about expanded Microsoft Entra support for passkeys
Use AI to secure your workforce
Since adversaries are moving with the speed of AI, so must defenders. Security Copilot continues to enhance scenarios in Microsoft Entra, and a growing collection of Security Copilot agents within the Microsoft Entra admin center helps you detect risks, enforce Zero Trust policies, and respond faster and more accurately than ever.
Microsoft Entra Agent ID gives every Security Copilot agent a unique, governed identity in Microsoft Entra so admins can grant them explicit, least-privilege permissions. With visibility and control, you can feel confident about what each agent can access and do, in alignment with Secure by Design principles.
Our expanded collection of Microsoft Entra agents works across your entire environment to reduce risk, boost efficiency, and strengthen your identity security posture:
- Conditional Access Optimization Agent has powerful new capabilities. It continuously analyzes your policies across identities, devices, and network conditions, ensuring every user and application remains protected. It also recommends policies to ensure AI agents meet Zero Trust principles. Public Preview.
- Access Review Agent transforms access reviews with the power of AI by analyzing sign-in activity, peer group changes, and unusual access patterns, suggesting actions to enforce least privilege. It can save your reviewers time and make your organization more compliant by engaging reviewers directly in Microsoft Teams to approve or revoke access. Public Preview.
- Identity Risk Management Agent monitors risky users in real time and guides effective remediation, helping you perform reviews in minutes instead of hours. With this agent, you can also approve, dismiss, or tailor remediations with natural language chat, one-click actions, and persistent memory for custom instructions. This helps reduce alert fatigue and address identity risk faster. Public Preview in December 2025.
- App Lifecycle Management Agent helps you manage the full lifecycle of apps in Microsoft Entra, from discovery and onboarding to risk remediation and decommissioning. It correlates identity and network signals from Global Secure Access telemetry data to surface unmanaged private apps and Microsoft Entra application data. It provides clear, AI-driven recommendations to reduce app sprawl and enforce governance at scale. Public Preview in December 2025.
To make the agents easily accessible and help teams get started more quickly, we are excited to announce that Security Copilot will be available to all Microsoft 365 E5 customers. Rollout starts today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive advanced notice before activation. Learn more about Security Copilot for M365 E5 customers.
🌈 Watch the Microsoft Ignite session Security Copilot: Your agentic workforce for smarter, faster defense
- Get details about Security Copilot agents in Entra on Microsoft Learn
Supporting identity admins with natural language access to Microsoft Entra data
For those building your own AI agents or Copilot extensions, we’re introducing our MCP Server for Enterprise, which is a secure, Microsoft-hosted implementation of the open Model Context Protocol (MCP). It enables AI tools, Copilots, and custom agents to connect securely through a standardized, governed interface to Microsoft Entra data like users, apps, policies, and network access.
MCP Server for Enterprise can reduce integration time from weeks to hours, improve compliance and observability, and ensure that your custom agents operate with the same level of trust and protection as built-in agents that Microsoft provides.
- Learn more about MCP Server for Enterprise
Securing access in the AI frontier requires teamwork
I invite you to explore the new capabilities announced today and connect with us at Microsoft Ignite and the Microsoft Entra community on LinkedIn. Thank you for continuing to work with us to secure access in the AI Era.
-Joy
⭐ Here’s your guide to all the Microsoft Entra sessions this week at Microsoft Ignite!
[1] Learn more at the Work Trend Index Annual Report from Microsoft, 2025: The year the Frontier Firm is born.
[2] Read the report: Randomized Controlled Trials for Conditional Access Optimization Agent, October 2025, Microsoft Corporation.
[3] The Microsoft Digital Defense Report reveals the latest tactics by AI-powered attackers and what defenders need to know.