Stop guessing which AI tools are in use. Stop waiting for threats to surface. Stop choosing between innovation and control—have both.
The browser has become the operating system of the modern organization. It’s where employees collaborate, access SaaS apps, and increasingly, where they engage with generative AI tools. But as work shifts to the web, so does risk.
Security teams now face growing blind spots: encrypted traffic obscures visibility, unsanctioned AI usage introduces compliance concerns, and traditional controls often stop at sanctioned apps, leaving a wide perimeter of unmanaged exposure. Modern threats exploit this gap. Phishing payloads, malware downloads, and command-and-control callbacks are increasingly embedded in encrypted sessions, evading legacy detection tools.
To close this gap, Microsoft Entra Internet Access introduces three new capabilities:
- Application insights & analytics (shadow AI & IT discovery) – now in public preview
- Threat intelligence filtering
- Netskope One Advanced Security Service Edge (SSE) integration – now in public preview
Together, these innovations provide comprehensive visibility, precise control, and proactive enforcement across the open internet—without endpoint complexity or disruption to users.
Shadow AI & IT discovery: See what’s really being used
Generative AI is changing workplace processes, with 75% of knowledge workers already using tools like Copilot, ChatGPT or Cursor[1]. However, many use generative AI tools without IT approval, creating risks such as compliance issues, data exposure, and operational gaps.
Traditional tools use fixed blocklists and allowlists that only indicate what’s allowed or denied. This approach falls short as new AI tools appear rapidly and user behavior constantly changes.
Microsoft Entra Internet Access now offers Application Insights and Analytics, leveraging the app catalog experience in Defender for Apps, to enable your security team to monitor generative AI and cloud app usage across the organization in real time. Security teams can use:
- A real-time inventory of GenAI tools accessed across your environment.
- Usage insights by number of users and risk level, for all cloud applications.
- Policy controls to block, allow, or require just-in-time access to specific tools.
Application Insights and Analytics dashboard.
This capability shifts governance from reactive to proactive. Security teams can make data-driven decisions that support innovation, without sacrificing control or compliance.
Threat intelligence filtering: Block malicious destinations in real time
Modern threats don’t wait for your tools to catch up. Malicious domains hosting phishing links, malware downloads, or command-and-control (C2) callbacks often hide in encrypted traffic and may exist for only hours or even minutes, but that’s enough to compromise a user, exfiltrate data, or move laterally.
Microsoft Entra Internet Access is set to launch Threat Intelligence Filtering, delivering Microsoft’s global threat signals to your network edge.
This feature is built on Microsoft's first-party threat intelligence and third-party feeds—the same intelligence that protects Azure Firewall, Azure Front Door, and Bing Ads. This feature:
- Evaluates up to 1 million indicators in real time.
- Blocks access to known malicious domains and URLs.
- Applies protection consistently across users, on-network or remote.
Configuring a threat intelligence policy.
Whether it’s a phishing link in an email or a compromised app beaconing out, Microsoft Entra blocks the connection instantly. Events are logged in the Microsoft Entra admin center and can be correlated with Defender alerts for rapid response.
Netskope One Advanced SSE integration: Extend data and threat protection to the web
Traditional app-specific controls face limitations as users increasingly use GenAI tools, submit sensitive data through web forms, and access unsanctioned sites, resulting in reduced visibility, data governance, and threat defense. At the same time, GenAI is being used to automate phishing, create polymorphic malware, and circumvent detection, which presents challenges for legacy security methods.
To close these gaps, Microsoft Entra Internet Access now integrates with Netskope One Advanced SSE, delivering in-line data loss prevention (DLP) and advanced threat protection (ATP) across all web sessions, regardless of app, device, or user location. You can sign up to evaluate this offer in Marketplace under Global Secure Access in the Microsoft Entra admin center.
This integration combines Microsoft Entra Conditional Access with Netskope’s content inspection and granular activity controls, allowing real-time adaptive policies based on user identity, role, device posture, and risk—offering greater precision than standalone SSE tools.
Organizations using this solution can:
- Inspect all network activity, including uploads, form submissions, and GenAI interactions, using pre-defined templates to proactively stop data exfiltration.
- Detect and block malware, phishing, and suspicious files using inline scanning, threat intelligence, and sandboxing—even within encrypted sessions.
- Enforce identity-centric DLP and ATP policies directly from the Microsoft Entra admin center, thereby decreasing total cost of ownership and accelerating incident response.
This integration enables organizations to maintain both visibility and user experience by merging identity context with advanced content inspection. It offers adaptive Zero Trust protection, speeds up response, reduces tool sprawl, and is managed via the Entra admin center.
Enabling Netskope integration in Marketplace.
What this means for you
These aren’t just new features. These are targeted solutions to the blind spots that have made AI usage, encrypted threats, and data exfiltration difficult to manage and even harder to mitigate. With Microsoft Entra Internet Access:
- You don’t have to guess which AI tools are being used; you can see them.
- You don’t have to wait for a threat to be reported; you can block it in real time.
- You don’t have to choose between innovation and control; you can have both.
Whether you’re a security engineer, compliance lead, or IT decision maker, these capabilities are designed to make your job easier, your environment safer, and your policies smarter.
Get started
Microsoft Entra Internet Access is designed for AI-driven, cloud-based workplaces. It helps govern AI use, prevent threats, and safeguard sensitive data in web interactions.
If you’re ready to dive deeper, explore the documentation below and start testing these capabilities in your environment:
-Ashish Jain, Principal Group Product Manager, Identity & Network Access
[1] Microsoft 2024 Work Trend Index