Microsoft demos Entra Secure Web + AI Gateway

Microsoft is marketing Entra Internet Access explicitly as an identity‑centric "Secure Web & AI Gateway" that covers AI apps, SaaS, and web access on its security product page. (microsoft.com)) Microsoft Learn and product documentation for the Secure Web and AI Gateway were updated in February 2026 and describe direct integration with Microsoft Copilot Studio agents plus Global Secure Access visibility for agent traffic. (learn.microsoft.com)) Microsoft says the gateway can block sensitive file uploads to external AI services and stop prompt‑injection attacks at the network layer "without modifying your applications or AI models," positioning it as a DLP control for AI traffic. (azurefeeds.com)) Configuration and enforcement require specific administrative roles: a Global Secure Access Administrator for Global Secure Access features and a Power Platform Administrator to manage Copilot Studio environments. (learn.microsoft.com)) The Entra docs and GitHub repo include how‑tos for traffic forwarding, traffic dashboards, and a Sentinel integration path, providing platform teams concrete telemetry and SIEM hooks for AI‑related network events. (github.com)) Microsoft framed these capabilities at Ignite 2025 as part of a broader push to manage and govern "agent" identities (Entra Agent ID) so enterprises can treat autonomous AI actors like named, controllable identities. (techcommunity.microsoft.com)) The vendor documentation and sample guides on Microsoft Docs and the MicrosoftDocs GitHub repository supply step‑by‑step configuration, policy examples, and role prerequisites that platform teams can adapt for API gateway insertion points or proxy‑level enforcement. (github.com))