Microsoft Entra Internet Access
Secure employee access to AI apps and agents, SaaS, and the web with an identity-centric secure web and AI gateway.
Introducing Microsoft’s secure web and AI gateway
Dive into key updates from Ignite and learn about the first identity‑centric secure web and AI gateway.
Secure access for the AI era
Secure AI, SaaS, and web access with adaptive, identity-centric policies.
Extend conditional access to internet security
Strengthen your organization's Zero Trust posture by eliminating gaps in defenses with holistic, adaptive access policies that converge conditional access, continuous access evaluation, and network security controls in one place.
Defend users from web-based threats
Protect users from phishing, malware, and unsafe browsing by extending global threat intelligence to every internet session. Enforce safe access to SaaS and web apps with policy-driven controls that block risky or unsanctioned destinations without slowing productivity.
Discover and secure AI across the network
Confidently manage AI usage with network-level visibility and protection. Discover shadow or unsanctioned AI use, enforce AI-aware policies, and block prompt-injection or data exfiltration attempts in real time.
Microsoft Entra Internet Access capabilities
Discover unsanctioned employee AI usage
Monitor AI and SaaS app usage in real time, including risk scoring, enrichment, and trend analysis for better policy decisions.
Stop prompt injection attacks
Extend Azure AI Prompt Shields to all network traffic to block prompt injection attempts on AI apps and agents.
Protect sensitive data with network file filtering
Leverage Microsoft Purview classification to detect and prevent sensitive content in files from being shared with AI apps and agents.
Secure agents in AI gateway controls
Protect Copilot Studio agents with secure connectivity and policy enforcement through the AI gateway.
Control and secure model context protocol (MCP) endpoints
Discover unsanctioned MCP servers and block access by URL to control agent connections.
Block malicious destinations with threat intelligence filtering
Use Microsoft’s global threat intelligence to automatically stop access to known malicious sites and IPs.
Prevent access to risky web content
Control access to web categories, URLs, and fully qualified domain names (FQDNs) with granular policies to reduce risk and enforce secure browsing.
Inspect encrypted traffic with transport layer security (TLS) inspection
Decrypt and analyze encrypted web traffic for potential data theft, malware, and advanced threats.
Microsoft Entra Suite
Originally starting from $12.00 now starting from $12.00
$12.00 $12.00
user/month, paid yearly
(annual commitment)
Microsoft Entra Internet Access is included in the Microsoft Entra Suite.
- Unify conditional access
- Ensure least privilege access
- Improve the user experience
- Modernize your on-premises infrastructure
The Microsoft Entra Suite delivers unified Zero Trust user access, enabling your employees to securely access any cloud and on-premises application, with least privilege access, across public and private networks inside and outside your corporate perimeter. The Microsoft Entra Suite combines network access, identity protection, governance, and identity verification solutions.
Strengthen identity fundamentals for the AI era
Secure access for your workforce with Microsoft Entra Suite
Secure access for your customers and partners
Secure access for agents
Resources and documentation
Microsoft Mechanics: Microsoft’s SSE solution
Check out how Entra Internet Access protects sensitive data from AI apps and stops prompt injection without code changes, plus new innovations with Private Access.
Microsoft Entra Internet Access datasheet
Learn more about the key benefits of Microsoft Entra Internet Access.
Microsoft Entra Internet Access documentation
Learn how to manage, configure, and deploy Microsoft Entra Internet Access from the Microsoft Entra admin center.
Follow Microsoft Security