Entra ID

Microsoft Entra Internet Access Adds AI Security

3 min read

Summary

Microsoft has announced new generally available and preview capabilities for Entra Internet Access and Entra Private Access, with a strong focus on securing AI, web, and private app traffic. The updates give IT teams more visibility into shadow AI, prompt injection risks, unmanaged devices, and private app access while extending Zero Trust controls across more scenarios.

Need help with Entra ID?Talk to an Expert

Introduction

Microsoft is expanding its identity-centric Secure Access Service Edge strategy with new features in Microsoft Entra Internet Access and Microsoft Entra Private Access. For IT admins, the big story is clearer control over AI usage, web traffic, and private app access without relying on traditional perimeter-based security.

What’s new in Entra Internet Access

Several AI and web protection features are now generally available:

  • Shadow AI discovery helps identify unsanctioned AI tools and SaaS apps being used across the organization.
  • Prompt Injection Protection is designed to stop malicious prompts that attempt to manipulate AI models or expose sensitive data.
  • Network content filtering can block sensitive file uploads to unapproved AI services.
  • URL filtering and threat intelligence improve protection against malicious or risky websites.
  • Cloud firewall for remote networks adds more granular policy enforcement for branch and remote site traffic.
  • iOS support and remote network connectivity extend protection to more user and device scenarios.

What’s new in public preview

Microsoft also introduced several preview features aimed at broader deployment flexibility:

  • BYOD with client in Entra Private Access for Zero Trust access from unmanaged devices.
  • Explicit Forward Proxy for Entra Internet Access to support agentless and legacy devices using PAC files.
  • Secure Browser Integration for Intune-managed Microsoft Edge with TLS inspection and policy enforcement.
  • Shadow MCP visibility to identify unauthorized or high-risk MCP servers and monitor AI-related traffic paths.

What’s new in Entra Private Access

For private applications, Microsoft is continuing its push away from legacy VPNs:

  • External User Access secures partners and contractors with Zero Trust controls.
  • Intelligent Local Access improves routing efficiency to reduce latency and avoid unnecessary backhauling.

Why this matters for IT admins

These updates matter because AI adoption is happening faster than many governance programs can keep up. Entra Internet Access gives administrators better visibility into shadow AI use and stronger controls to prevent data leakage and AI-specific threats. At the same time, Entra Private Access expands secure access options for contractors, unmanaged devices, and hybrid environments.

Next steps

IT teams should review whether current policies cover AI tools, unmanaged devices, and external users. If you are already using Microsoft Entra, this is a good time to evaluate the new generally available controls and test preview features such as Secure Browser Integration and BYOD access. Organizations still relying on traditional VPN and web filtering approaches should also assess whether Global Secure Access can simplify Zero Trust enforcement.

Need help with Entra ID?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Read the original article by Sinead_ODonovan
Microsoft EntraZero TrustAI securityPrivate AccessInternet Access

Related Posts

Entra ID

Azure AD B2C Migration Tools Now Available

Microsoft has released generally available migration tools and guidance to help Azure AD B2C customers move to Microsoft Entra External ID. With Azure AD B2C no longer receiving new features, these new options give IT teams a clearer path to modernize customer identity while reducing migration risk.

Entra ID

Microsoft Entra ID Security Updates: Key 2026 Changes

Microsoft is making three important Microsoft Entra ID security changes in 2026: retiring Custom controls in favor of External MFA, enforcing Conditional Access more consistently during credential registration, and requiring explicitly registered authentication methods for SSPR. These updates matter because they close policy enforcement gaps, improve identity security, and require admins to review configurations before enforcement deadlines arrive.

Entra ID

Global Secure Access Operations Guide Now Available

Microsoft has published a new Microsoft Entra Global Secure Access operations guide on Microsoft Learn to help teams manage day 2 operations after deployment. The guide provides prescriptive monitoring, health checks, role assignments, templates, and automation guidance so IT teams can run Global Secure Access more consistently and proactively.

Entra ID

Microsoft Entra Agent ID GA Secures AI Agents

Microsoft Entra Agent ID is now generally available, giving organizations a dedicated identity and access foundation for AI agents in production. Combined with the Microsoft Agent 365 CLI and SDK, it helps IT and security teams onboard, govern, audit, and secure agent instances across Microsoft and non-Microsoft frameworks.

Entra ID

Microsoft Entra June 2026: Passkeys, Linux MFA, B2C

Microsoft Entra’s June 2026 updates bring major identity improvements across passkeys, phishing-resistant MFA for Linux desktops, and Azure AD B2C migration to External ID. The release also adds cross-tenant group sync, app deactivation, redesigned My Account pages, and new governance features that help IT teams strengthen security and simplify administration.

Entra ID

Microsoft Entra Tenant Governance Finds Shadow Tenants

Microsoft Entra Tenant Governance now helps organizations discover shadow tenants connected through B2B collaboration, multitenant apps, and shared billing signals. The new related tenants capability gives IT teams continuous visibility into hidden tenant sprawl so they can assess risk, quarantine unsanctioned tenants, and tighten identity governance.