Edit

Configure Global Secure Access, the Secure Web, and AI Gateway for agents (preview)

[This article is prerelease documentation and is subject to change.]

As organizations integrate autonomous and interactive AI agents to perform tasks previously handled by humans, administrators might notice a reduction in visibility and control compared to the traditional user network security policy and management experience.

By using Global Secure Access (GSA) for agents, you can regulate how these agents use knowledge, tools, and actions to access other resources in a way that's similar to how you regulate users.

Diagram showing agent traffic flowing through Global Secure Access to protected resources.

Important

  • This is a preview feature.
  • Preview features aren’t meant for production use and might have restricted functionality. These features are subject to supplemental terms of use, and are available before an official release so that customers can get early access and provide feedback.

Key benefits

After you forward agent traffic to Global Secure Access, you can apply the following security controls:

  • Web content filtering: Control access to web content based on categories and URLs.
  • Threat intelligence filtering: Block access to known malicious sites and services.
  • Network file filtering: Control file uploads and downloads.

You configure security policies for agents by using the baseline profile in Global Secure Access. The baseline profile applies security policies at the tenant level, ensuring consistent security controls across all agent traffic.

How Secure Web and AI Gateway for Copilot Studio agents works

To enforce consistent network security controls on Copilot Studio agents, forward traffic from the agents to Global Secure Access's globally distributed proxy service. You can enable forwarding of agent traffic in the Power Platform admin center on a per-environment or per-environment group basis. Forwarding applies to all kinds of agent traffic, including traffic from HTTP node and tools-generated connectors, custom connectors, custom Model Context Protocol (MCP) servers, custom tools, and a full list of supported connectors.

After you forward traffic from the agent to Global Secure Access, you can enforce the same security controls you use on users to agents, including web content filtering, threat intelligence filtering, network file filtering, and more.

When an agent makes a request to external resources, the Global Secure Access service evaluates the request in real time against the security policies you configured. If the request complies with the configured policies, the service allows it. If the request violates any security policy, the Global Secure Access service denies the request with appropriate logging for audit and monitoring purposes.

Prerequisites

  • Administrators who interact with Global Secure Access features must have one or more of the following role assignments depending on the tasks they're performing:
  • A Power Platform environment with Dataverse added to it.

High-level steps

Configuring network controls for Copilot Studio agents involves several steps:

  1. Enable Network Controls for Copilot Studio Agents in Power Platform environment settings
  2. Create security policies for Copilot Studio traffic

Enable network controls for Copilot Studio Agents

The first step is to enable traffic forwarding from Copilot Studio Agents in the Power Platform Admin Center.

Note

Before you enable this feature in the Power Platform Admin Center, ensure your tenant is onboarded to Global Secure Access in the Microsoft Entra Admin Center

Enable network controls at the environment level

To configure Global Secure Access settings at the environment level, complete the following steps:

  1. Sign in to the Power Platform admin center.
  2. On the navigation pane, select Security.
  3. On the Security pane, select Identity & access.
  4. Select Global Secure Access for Agents.
  5. Select the appropriate environment and select Set up.
  6. Toggle Enable Global Secure Access for Agents to on for your selected environment.
  7. Select Save.

Enable network controls at the environment group level

To configure Global Secure Access settings at the environment group level, complete the following steps:

  1. Sign in to the Power Platform admin center.
  2. On the navigation pane, select Security.
  3. On the Security pane, select Identity and access.
  4. Select Global Secure Access for Agents.
  5. Select the Environment groups tab to which you want the security setting applied, and then select Set up.
  6. Toggle Enable Global Secure Access for Agents to on for the selected environment group.
  7. Select Save.

Note

After enabling Global Secure Access for Agents in the environment or environment group, you must edit and save any existing Copilot Studio custom connector to ensure its traffic routes through Global Secure Access. Custom connectors created afterward automatically use this configuration.

Create security policies for Copilot Studio agents

After you enable network controls, enforce Global Secure Access security policies on agent traffic. Apply web content filtering, threat intelligence filtering, and other security policies. The following example shows how to configure a web content filtering policy:

  1. Sign in to the Microsoft Entra admin center as a Global Secure Access Administrator.
  2. Browse to Global Secure Access > Secure > Web content filtering policies.
  3. Select Create policy.
  4. Enter a descriptive name and a description for the policy, and then select Next.
  5. Select Add rule.
  6. Configure rules based on your security to Copilot Studio agent requirements. For example, block access to Web repositories, Illegal software, not safe for work (NSFW) sites, and more.
  7. Select Next to review the policy.
  8. Select Create policy.

Next, create policies like threat intelligence to protect agents against malicious destinations or file policy to safeguard against unintended data exposure and prevent inline data leaks.

Group your security policies by linking them to the baseline profile to apply them to Copilot Studio agent traffic. Security profiles linked to Conditional Access policies aren't currently supported for Copilot Studio agents.

  1. Sign in to the Microsoft Entra admin center as a Global Secure Access Administrator.
  2. Browse to Global Secure Access > Secure > Security profiles.
  3. Select the Baseline profile tab.
  4. Select Edit to edit the baseline profile rules.
  5. Select Link a policy and then select Existing policy.
  6. Select the Copilot Studio agent web repositories policy that you created earlier and select Add.
  7. Select Save to save the profile changes.

Monitor and maintain

Regular monitoring and maintenance ensure your security configuration remains effective:

  1. Review traffic logs regularly for unusual patterns or blocked legitimate traffic. For more information, see Global Secure Access network traffic logs.
  2. Update filtering policies as new services or requirements emerge.
  3. Test policy changes in a development environment before applying to production.

Note

Configuration changes in the Global Secure Access experience related to web content filtering typically take effect in less than five minutes.

More details on security controls in Global Secure Access

Configure security controls in the Global Secure Access portal

Known limitations

  • The Global Secure Access traffic logs return the agent name as the agent's unique schema name.
  • The block experience for Copilot Studio agents blocked by Global Secure Access shows a 502 Bad Gateway for HTTP Actions or a 403 Forbidden for connectors. This experience is a known issue, and improvements are coming soon.
  • Only the baseline profile is supported for enforcement, so network security policies are per-tenant.
  • Global Secure Access partner ecosystem integrations, such as third-party Data Loss Prevention (DLP), aren't supported.
  • Copilot Studio Bing search network transactions (including knowledge from public websites and Wikipedia) aren't supported.
  • Network requests to Dataverse and Azure SQL knowledge sources aren't supported.
  • Network requests to Large Language Model (LLM), either for orchestration or results enhancement, aren't supported.
  • Limited connector support (see supported connectors for details).
  • Connectors other than those listed in supported connectors aren't supported and might not function reliably.

Supported connectors

The following connectors currently support secure web and AI gateway Copilot Studio agents. If you have any trouble with these connectors in the preview, contact support.

  • Adobe PDF Tools
  • Adobe Sign
  • AI Builder
  • Amazon S3
  • Approvals
  • ArcGIS
  • Asana
  • Azure AD
  • Azure AD Applications
  • Azure AI Foundry Agent Service
  • Azure AI Foundry Inference
  • Azure Application Insights
  • Azure Cognitive Service for Language
  • Azure Cognitive Services Computer Vision
  • Azure Cognitive Services Text Analytics
  • Azure Communication Services Email
  • Azure Communication Services SMS
  • Azure Data Factory
  • Azure Event Hubs
  • Azure Log Analytics Data Collector
  • Azure Resource Manager
  • Azure Table Storage
  • Azure VM
  • Bing Maps
  • Bitly
  • Blackbaud Altru Constituent
  • Blackbaud Raiser's Edge NXT
  • Blackbaud RENXT Gifts
  • Blackbaud SKY Add-ins
  • Box MCP Server
  • Cards for Power Apps
  • ClickSend SMS
  • Cloudmersive Convert
  • Cognito Forms
  • Computer Operator
  • Confluence
  • Converter by Power2Apps
  • Copilot for Finance
  • Databricks
  • Desktop flows
  • DocuSign
  • DocuSign Demo
  • Egnyte
  • Encodian Convert
  • Encodian Document Manager
  • Encodian PDF
  • Encodian Word
  • Excel
  • Experlogix Smart Flows
  • Formstack
  • Freshdesk
  • Freshservice
  • GitHub
  • Google Calendar
  • Google Contacts
  • Google Drive
  • Google Tasks
  • Hash Generator
  • Hashify
  • iAuditor
  • Impower ERP
  • Jira
  • JotForm
  • JotForm Enterprise
  • kintone
  • LMS365
  • Luware Nimbus
  • Mail
  • Mailchimp
  • Microsoft 365 Copilot Automations
  • Microsoft 365 Message Center
  • Microsoft 365 Updates App
  • Microsoft Bookings
  • Microsoft Copilot Studio
  • Microsoft Dataverse
  • Microsoft Defender ATP
  • Microsoft Defender for Cloud Apps
  • Microsoft Fabric Data Agent
  • Microsoft Forms
  • Microsoft Forms Pro
  • Microsoft Graph
  • Microsoft Learn Docs MCP
  • Microsoft Loop
  • Microsoft School Data Sync
  • Microsoft Spatial Services
  • Microsoft Teams
  • Microsoft To-Do (Business)
  • Microsoft Translator V2
  • Monday.com
  • Muhimbi PDF
  • NetDocuments
  • Office 365 Groups
  • Office 365 Groups Mail
  • Office 365 Outlook
  • OneDrive
  • OneDrive for Business
  • OneNote (Business)
  • Outlook Tasks
  • PagerDuty
  • Partner Center Referrals
  • Planner
  • Plumsail
  • Plumsail SP
  • Power Apps for Admins
  • Power Apps for Makers
  • Power Apps Notification
  • Power Apps Notification V2
  • Power Automate
  • Power Automate for Admins
  • Power Automate Management
  • Power BI
  • Power Platform Dataflows
  • Power Platform for Admins
  • Power Platform for Admins V2
  • Project Online
  • Project Roadmap
  • Redmine
  • SendGrid
  • ServiceNow
  • SharePoint
  • Shifts for Microsoft Teams
  • Slack
  • Smartsheet
  • Snowflake
  • Stripe
  • Survey123
  • SurveyMonkey
  • TeamForms
  • Todoist
  • Trello
  • Twilio
  • UiPath Orchestrator
  • Vena
  • Webex
  • WordPress
  • Yammer
  • YouTube

For more information about individual connectors, see Connector reference overview.

  • Last updated on