
Configure Secure Web and AI Gateway for Copilot Studio agents (Preview)

Implementation Effort: Medium

User Impact: Medium

Overview

In a Zero Trust security model, all entities—including AI agents—must be continuously validated and subjected to granular security controls regardless of their purpose or perceived trustworthiness. As organizations increasingly adopt Microsoft Copilot Studio to build custom AI agents that interact with external resources and APIs, it becomes critical to apply the same network security policies to agent traffic that are enforced for human users.

Global Secure Access network controls for Microsoft Copilot Studio agents extend Zero Trust principles to autonomous AI systems by enabling identity-aware security policies on agent interactions with external resources. This integration ensures that AI agents operate within defined security boundaries, preventing them from accessing malicious destinations, exfiltrating data, or interacting with unsanctioned services—all while maintaining the productivity and functionality of legitimate agent operations.

Key Zero Trust outcomes for Copilot Studio agent security:

  • Identity-aware agent traffic control: Apply network security policies specifically to AI agent traffic, treating agents as distinct security principals subject to Zero Trust validation
  • Web content filtering for agents: Block agent access to malicious or inappropriate web categories (illegal software, NSFW sites, web repositories, etc.) to prevent data leakage and compromise
  • Threat intelligence protection: Prevent agents from connecting to known malicious destinations identified by Microsoft and third-party threat intelligence feeds
  • Network file filtering: Safeguard against unintended data exposure by controlling agent file transfers to unsanctioned destinations including generative AI applications
  • Comprehensive visibility and monitoring: Track all agent network interactions through Global Secure Access traffic logs with agent-specific metadata
  • Tenant-wide policy enforcement: Apply security policies uniformly across all Copilot Studio agents through the baseline security profile

Implementation steps:

  • Enable Global Secure Access for Agents in Power Platform Admin Center for target environments or environment groups
  • Create or update custom connectors in Copilot Studio to route traffic through Global Secure Access
  • Create security policies in Microsoft Entra admin center (web content filtering, threat intelligence, file policies)
  • Link security policies to the baseline security profile (Conditional Access-linked profiles are not yet supported for agents)
  • Monitor agent traffic through Global Secure Access traffic logs and review for unusual patterns or blocked legitimate traffic
  • Update filtering policies as new services or requirements emerge
  • Test policy changes in a development environment before applying them to production

Important considerations:

  • Only baseline profile enforcement is currently supported—network security policies apply per tenant, not per user/group
  • Partner ecosystem integrations (third-party DLP) are not supported
  • Several Copilot Studio features are not supported: Bing search transactions, Dataverse/Azure SQL knowledge sources, specific custom tools (prompt, agent flow, Computer Use, child agents), and LLM orchestration requests
  • Only specific Copilot Studio connectors support network security controls—refer to Power Platform documentation for supported connector list
  • After enabling GSA for Agents in an environment, existing custom connectors must be recreated or updated
  • Configuration changes typically take effect in less than 5 minutes
