Listen to this Post
Introduction:
As organizations aggressively deploy autonomous AI agents to handle tasks once managed by humans, a dangerous oversight has emerged: unlike human users, these agents often operate without any network security controls, creating a massive blind spot for security teams. The Secure Web and AI Gateway for Microsoft Copilot Studio agents addresses this gap by allowing security architects to apply the same rigorous web content filtering policies to their AI agents as they do to their human employees. This capability effectively closes a critical vulnerability, preventing AI agents from accessing malicious sites, leaking sensitive data, or interacting with unauthorized services.
Learning Objectives:
- Objective 1: Learn to enable and enforce web content filtering policies on Copilot Studio agents using Global Secure Access.
- Objective 2: Understand the technical steps to create security policies in Microsoft Entra and link them to the tenant-wide baseline profile for agent traffic.
- Objective 3: Gain hands-on proficiency in monitoring agent network activity and troubleshooting policy enforcement.
You Should Know:
1. Extending Zero Trust to Autonomous AI Agents
The core concept is that AI agents are now distinct security principals that must be continuously validated. Microsoft’s solution is to forward all traffic from Copilot Studio agents through the Global Secure Access (GSA) service, a globally distributed proxy. Once forwarded, you can enforce the same security controls you use for your users, including web content filtering, threat intelligence filtering, and network file filtering. This is a foundational shift towards applying Zero Trust principles to non-human identities within your environment.
Step‑by‑step guide explaining what this does and how to use it.
1. Verify Prerequisites:
Ensure your tenant is onboarded to Global Secure Access.
Assign the `Global Secure Access Administrator` and `Power Platform Administrator` roles to your account.
Have a Microsoft 365 E5 license or the required add-ons (e.g., Microsoft Entra Suite).
2. Enable Agent Traffic Forwarding:
Sign in to the Power Platform admin center.
Navigate to Security > Identity & access.
Enable the toggle for Forward agent traffic to Global Secure Access for your target environment(s).
- Create a Web Content Filtering Policy in Microsoft Entra:
Sign in to the Microsoft Entra admin center.
Go to Global Secure Access > Security Policies.
Create a new policy of type Web Content Filtering.
Define your rules: block specific categories (e.g.,Illegal Software,NSFW), block specific URLs, or allow certain domains.
4. Link Policy to the Baseline Profile:
In the same Global Secure Access blade, navigate to Profiles.
Select the Baseline security profile.
Link the Web Content Filtering policy you just created to this profile. (Note: Conditional Access-linked profiles are not currently supported for agents).
5. Apply in Copilot Studio:
In Copilot Studio, existing custom connectors might need to be recreated or updated to route through the new policy.
Once enabled, when an agent makes a request, GSA evaluates it in real-time. A compliant request is allowed; a violating request is denied and logged for audit.
2. Hardening Agents with Advanced Threat Protection
Beyond web filtering, Copilot Studio agents have built-in protection against User-Injected Prompt Attacks (UPIA) and Cross-Domain Prompt Injection Attacks (XPIA) to reduce data exfiltration risks. However, for advanced threat monitoring, you can integrate external detection systems using a “bring your own protection” model. This allows you to connect Microsoft Defender or a third-party security partner to act as a real-time approval gate for agent actions.
Step‑by‑step guide explaining what this does and how to use it.
1. Register an Azure Entra Application:
As a Power Platform Administrator, create an Azure Entra app. This can be done via a provided PowerShell script or manually in the Azure portal.
You will need to provide a unique endpoint, which is given to you by your security provider of choice (e.g., Microsoft Defender).
2. Authorize the Security Provider:
Ensure your external security provider (e.g., your SIEM/SOAR or custom tool) has your Azure Entra application ID and can authenticate with it.
3. Configure the Integration:
Go to the Power Platform Admin Center > Security > Threat detection.
Enter the Azure Entra app details and the endpoint from your security partner.
Enable the integration. Once active, Copilot Studio shares runtime data with the provider for real-time decision-making.
3. Managing and Auditing Agent Activity
Security control is not complete without management and visibility. You can control an agent’s activity by running or pausing it, editing its settings, and managing its memory. For auditing, Microsoft Purview logs administrative events, and the Global Secure Access service provides detailed traffic logs with agent-specific metadata. You should regularly monitor these logs for unusual patterns, such as agents attempting to access blocked categories or making anomalous API calls.
- Tutorial: Command Line Simulation for Policy Validation (Linux)
You cannot directly query Microsoft Graph for agent policies with a simple `curl` command as a standard user, but you can simulate testing your policy logic. This script helps you validate if a destination is likely to be allowed or blocked based on typical category-based filtering.
!/bin/bash
Simulate checking a domain against a category-based policy
This requires you to manually define your block list for testing.
BLOCK_CATEGORIES=("illegal-software" "nsfw" "phishing" "command-and-control")
TEST_DOMAIN="$1"
if [ -z "$TEST_DOMAIN" ]; then
echo "Usage: $0 <domain_to_test>"
echo "Example: $0 malware.example.com"
exit 1
fi
echo "Testing domain: $TEST_DOMAIN"
Simulate a DNS lookup and content fetch (replace with actual checks)
In a real-world scenario, you'd use tools like 'dig', 'nslookup', or APIs.
This is a mock categorization check. Replace with a real database query.
For demonstration, assume domain contains 'malware' or 'bad' is blocked.
if [[ "$TEST_DOMAIN" == "malware" ]] || [[ "$TEST_DOMAIN" == "bad" ]]; then
CATEGORY="malware-sites"
ACTION="BLOCKED"
elif [[ "$TEST_DOMAIN" == "legal" ]] || [[ "$TEST_DOMAIN" == "docs" ]]; then
CATEGORY="business"
ACTION="ALLOWED"
else
CATEGORY="uncategorized"
ACTION="LOG-ONLY (Monitor)"
fi
echo "Simulated Category: $CATEGORY"
echo "Simulated Action: $ACTION"
Provide context for the action.
if [ "$ACTION" == "BLOCKED" ]; then
echo "Correlating agent's outbound request with Global Secure Access logs in Microsoft Entra is advised."
elif [ "$ACTION" == "ALLOWED" ]; then
echo "Allow-listed categories are typically accessible."
else
echo "Uncategorized domains may be subject to strict logging and review. Adjust your web content filtering policy accordingly."
fi
- Tutorial: Simulating Agent Policy Violation Detection with PowerShell (Windows)
This script simulates monitoring for patterns indicating a policy violation, such as an agent making rapid sequential requests to many different high-risk domains.
param(
[bash]$LogFilePath = "C:\Temp\AgentTrafficLogs.csv"
)
Sample log entry for demonstration
$sampleLogEntry = @"
Timestamp,AgentID,Destination,Action,PolicyCategory
2026-06-11 10:00:00,Agent-123,example.com,ALLOWED,Business
2026-06-11 10:00:05,Agent-123,bad-site.org,BLOCKED,Malware
2026-06-11 10:00:10,Agent-123,illegal-software.net,BLOCKED,Illegal Software
"@
$sampleLogEntry | Out-File -FilePath $LogFilePath -Force
Write-Host "Analyzing agent traffic for policy violations from: $LogFilePath"
Import the log data
$logs = Import-Csv -Path $LogFilePath
Group by AgentID and count blocked actions
$violationReport = $logs | Where-Object { $_.Action -eq "BLOCKED" } | Group-Object AgentID
foreach ($agent in $violationReport) {
$agentId = $agent.Name
$blockedCount = $agent.Count
Write-Warning "ALERT: Agent '$agentId' has been blocked $blockedCount time(s)."
Output the blocked destinations for this agent
$blockedDestinations = $logs | Where-Object { $<em>.AgentID -eq $agentId -and $</em>.Action -eq "BLOCKED" } | Select-Object -ExpandProperty Destination
Write-Host "Blocked destinations: $($blockedDestinations -join ', ')"
Recommended action
Write-Host "ACTION REQUIRED: Investigate this agent's behavior in the Power Platform Admin Center. Pause the agent if necessary and review its configured actions/tools." -ForegroundColor Red
}
What Undercode Say:
- Key Takeaway 1: The Secure Web and AI Gateway is not a “nice-to-have” but an essential security control for any organization deploying AI agents, as it directly addresses the “shadow agent” visibility gap.
- Key Takeaway 2: Implementing these policies shifts AI security from a reactive model to a proactive, Zero Trust model where every outbound request from an agent is verified, ensuring compliance and preventing data exfiltration.
Prediction:
- +1 Within 18 months, applying web filtering and runtime threat protection to AI agents will become a mandatory compliance requirement for regulated industries like finance and healthcare, similar to how user web filtering is standard today.
- +1 The “bring your own protection” model for agents will catalyze a new ecosystem of third-party security tools specialized in detecting anomalous agentic behavior, such as covert prompt injection and orchestration tampering.
- -1 Agents that are not secured with these policies will become the primary initial access vector for threat actors, as they represent highly privileged, overlooked, and automated accounts within corporate networks.
▶️ Related Video (74% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Nathanmcnulty Do – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
