Microsoft Entra Internet Access Adds AI Security

Introduction

Microsoft is expanding its identity-centric Secure Access Service Edge strategy with new features in Microsoft Entra Internet Access and Microsoft Entra Private Access. For IT admins, the big story is clearer control over AI usage, web traffic, and private app access without relying on traditional perimeter-based security.

What’s new in Entra Internet Access

Several AI and web protection features are now generally available:

• Shadow AI discovery helps identify unsanctioned AI tools and SaaS apps being used across the organization.
• Prompt Injection Protection is designed to stop malicious prompts that attempt to manipulate AI models or expose sensitive data.
• Network content filtering can block sensitive file uploads to unapproved AI services.
• URL filtering and threat intelligence improve protection against malicious or risky websites.
• Cloud firewall for remote networks adds more granular policy enforcement for branch and remote site traffic.
• iOS support and remote network connectivity extend protection to more user and device scenarios.

What’s new in public preview

Microsoft also introduced several preview features aimed at broader deployment flexibility:

• BYOD with client in Entra Private Access for Zero Trust access from unmanaged devices.
• Explicit Forward Proxy for Entra Internet Access to support agentless and legacy devices using PAC files.
• Secure Browser Integration for Intune-managed Microsoft Edge with TLS inspection and policy enforcement.
• Shadow MCP visibility to identify unauthorized or high-risk MCP servers and monitor AI-related traffic paths.

What’s new in Entra Private Access

For private applications, Microsoft is continuing its push away from legacy VPNs:

• External User Access secures partners and contractors with Zero Trust controls.
• Intelligent Local Access improves routing efficiency to reduce latency and avoid unnecessary backhauling.

Why this matters for IT admins

These updates matter because AI adoption is happening faster than many governance programs can keep up. Entra Internet Access gives administrators better visibility into shadow AI use and stronger controls to prevent data leakage and AI-specific threats. At the same time, Entra Private Access expands secure access options for contractors, unmanaged devices, and hybrid environments.

Next steps

IT teams should review whether current policies cover AI tools, unmanaged devices, and external users. If you are already using Microsoft Entra, this is a good time to evaluate the new generally available controls and test preview features such as Secure Browser Integration and BYOD access. Organizations still relying on traditional VPN and web filtering approaches should also assess whether Global Secure Access can simplify Zero Trust enforcement.