Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
As organizations adopt autonomous and interactive AI agents to perform tasks previously handled by humans, administrators need visibility and control over agent network activity. Global Secure Access for agents provides network security controls for Microsoft Copilot Studio agents, enabling you to apply the same security policies to agents that you use for users.
With Global Secure Access for agents, you can regulate how agents use knowledge, tools, and actions to access external resources. You can apply network security policies including web content filtering, threat intelligence filtering, and network file filtering to agent traffic.
How network security for Copilot Studio agents works
To enforce network security controls on Copilot Studio agents, you forward agent traffic to Global Secure Access's globally distributed proxy service. You enable traffic forwarding in the Power Platform Admin Center on a per-environment or per-environment-group basis.
Agent traffic forwarding applies to multiple traffic types, including:
- HTTP Node traffic
- Custom connectors
- MCP Server Connector
Once agent traffic is forwarded to Global Secure Access, you can apply security policies to the traffic. The service evaluates agent traffic against your configured security policies, similar to how it evaluates user traffic.
Security policies for agents
Security policies for agents are configured using the baseline profile in Global Secure Access. The baseline profile applies security policies at the tenant level, ensuring consistent security controls across all agent traffic.
How to get started
Microsoft Entra Agent ID is part of Microsoft Agent 365. To use Agent ID features, users need a Microsoft Agent 365 or Microsoft 365 E7 license. All agents acting on behalf of a licensed user are covered under that user's license. Agents don't require their own license. For pricing details, see Microsoft Agent 365 licensing FAQ.
Some Microsoft Entra security features for agents require additional licensing:
- Conditional Access for agents: Microsoft Entra ID P1 or Microsoft 365 E3.
- ID Protection for agents: Microsoft Entra ID P2, Microsoft 365 E5, or Microsoft Entra Suite.
- ID Governance for agents: Microsoft Entra ID P2, Microsoft 365 E5, or Microsoft Entra Suite.
- Network controls for agents: Microsoft Entra Internet Access, included in Microsoft Entra Suite or licensed separately. For more information, see What is Global Secure Access.