Entra ID

Microsoft Entra Internet Access Adds AI Security

3 min read

Summary

Microsoft has announced new generally available and preview capabilities for Entra Internet Access and Entra Private Access, with a strong focus on securing AI, web, and private app traffic. The updates give IT teams more visibility into shadow AI, prompt injection risks, unmanaged devices, and private app access while extending Zero Trust controls across more scenarios.

Need help with Entra ID?Talk to an Expert

Introduction

Microsoft is expanding its identity-centric Secure Access Service Edge strategy with new features in Microsoft Entra Internet Access and Microsoft Entra Private Access. For IT admins, the big story is clearer control over AI usage, web traffic, and private app access without relying on traditional perimeter-based security.

What’s new in Entra Internet Access

Several AI and web protection features are now generally available:

  • Shadow AI discovery helps identify unsanctioned AI tools and SaaS apps being used across the organization.
  • Prompt Injection Protection is designed to stop malicious prompts that attempt to manipulate AI models or expose sensitive data.
  • Network content filtering can block sensitive file uploads to unapproved AI services.
  • URL filtering and threat intelligence improve protection against malicious or risky websites.
  • Cloud firewall for remote networks adds more granular policy enforcement for branch and remote site traffic.
  • iOS support and remote network connectivity extend protection to more user and device scenarios.

What’s new in public preview

Microsoft also introduced several preview features aimed at broader deployment flexibility:

  • BYOD with client in Entra Private Access for Zero Trust access from unmanaged devices.
  • Explicit Forward Proxy for Entra Internet Access to support agentless and legacy devices using PAC files.
  • Secure Browser Integration for Intune-managed Microsoft Edge with TLS inspection and policy enforcement.
  • Shadow MCP visibility to identify unauthorized or high-risk MCP servers and monitor AI-related traffic paths.

What’s new in Entra Private Access

For private applications, Microsoft is continuing its push away from legacy VPNs:

  • External User Access secures partners and contractors with Zero Trust controls.
  • Intelligent Local Access improves routing efficiency to reduce latency and avoid unnecessary backhauling.

Why this matters for IT admins

These updates matter because AI adoption is happening faster than many governance programs can keep up. Entra Internet Access gives administrators better visibility into shadow AI use and stronger controls to prevent data leakage and AI-specific threats. At the same time, Entra Private Access expands secure access options for contractors, unmanaged devices, and hybrid environments.

Next steps

IT teams should review whether current policies cover AI tools, unmanaged devices, and external users. If you are already using Microsoft Entra, this is a good time to evaluate the new generally available controls and test preview features such as Secure Browser Integration and BYOD access. Organizations still relying on traditional VPN and web filtering approaches should also assess whether Global Secure Access can simplify Zero Trust enforcement.

Need help with Entra ID?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Read the original article by Sinead_ODonovan
Microsoft EntraZero TrustAI securityPrivate AccessInternet Access

Related Posts

Entra ID

SASE 101 in Microsoft Entra: How to Get Started

Microsoft’s latest Entra guidance explains SASE fundamentals for organizations modernizing secure access in cloud-first and hybrid work environments. The post clarifies how SASE differs from SSE, how it supports Zero Trust, and how teams can begin with Microsoft Global Secure Access.

Entra ID

Microsoft Entra Account Discovery Closes App Gaps

Microsoft has introduced Account Discovery in Microsoft Entra ID Governance public preview to help organizations identify existing user accounts and permissions inside connected applications. The feature gives identity teams a clearer view of matched, unassigned, and orphaned accounts so they can bring unmanaged access under policy and reduce identity risk.

Entra ID

Agentic Identity Standards: Microsoft Entra’s View

Microsoft has outlined how identity standards are evolving to support AI agents and other non-human identities in enterprise environments. The company highlights key standards work around trust bootstrapping, delegation, and reducing shared-secret use, signaling important changes for Entra administrators planning secure AI agent access.

Entra ID

Microsoft Entra Agent ID Tackles AI Agent Sprawl

Microsoft is positioning Entra Agent ID as the identity foundation for governing AI agents as first-class identities across the enterprise. Combined with Microsoft Agent 365, it gives organizations centralized visibility, lifecycle governance, and Conditional Access-style protections to reduce risk as agent adoption accelerates.

Entra ID

Entra TCM APIs GA for Tenant Configuration Management

Microsoft has made the Tenant Configuration Management (TCM) APIs in Microsoft Graph generally available, giving organizations a scalable way to define, export, monitor, and manage tenant configurations. The release matters because it enables a configuration-as-code approach in Microsoft Entra, helping IT teams reduce drift, improve compliance, and automate governance across multi-tenant environments.

Entra ID

Microsoft Entra License Usage Insights Now GA

Microsoft has made License usage insights generally available in the Microsoft Entra admin center, giving IT admins clearer visibility into license entitlements and premium feature adoption. The update adds six months of usage trends, active versus guest user reporting, and Copilot prompt suggestions to support budgeting, compliance, and rollout planning.