
Configure web content filtering for AI app categories

Implementation Effort: Low – Requires creating a web content filtering policy in the Microsoft Entra admin center with rules targeting AI-related web categories; minimal infrastructure changes.
User Impact: Medium – Users attempting to access blocked AI applications or categories will see connection errors; communication about acceptable AI usage is recommended.

Overview

Without web content filtering, every user and agent in the organization can reach any generative AI service on the internet. This includes AI tools that have no enterprise data protection controls, no usage agreements with the organization, and no visibility into what data users share with them. The security team may have identified unsanctioned AI apps through discovery, but discovery alone does not prevent access — it only reports on it. Filtering is the enforcement layer that turns visibility into control.

Web content filtering in Global Secure Access enables the organization to create policies that block or allow access to specific web categories, URLs, and FQDNs. For AI governance, this means targeting the generative AI web category alongside any specific domains identified during discovery as high-risk. Policies are assembled into security profiles, which are then linked to Conditional Access policies for user-aware enforcement or to the baseline profile for tenant-wide enforcement including remote network traffic. The filtering is context-aware — it uses the signed-in user's identity and Conditional Access evaluation to determine which policies apply, making it possible to allow AI tool access for specific teams while blocking it for others.

This control supports the "Use least privilege access" principle by restricting AI app access to only the services and user populations that have been explicitly approved, rather than allowing open access and relying on user judgment. It supports the "Verify explicitly" principle by making every AI-bound network request pass through an identity-aware policy evaluation before reaching the destination. Without web content filtering for AI categories, the organization's AI governance policy exists only on paper — users and agents can access any AI service regardless of its risk profile, and sensitive data leaves the organization through channels the security team cannot see or control.

Reference