If you’re still relying on a traditional VPN and haven’t thought about how users are interacting with AI tools, you’re already behind.
Over the last year, Microsoft Entra Suite has evolved fast. And it’s no longer just an identity platform. It’s becoming the control plane for how users access applications, how traffic flows, and now how AI is used inside your environment.
That’s a pretty big shift. And most organizations haven’t caught up to it yet, let alone envisioned how it can be used for them.
Legacy VPNs Are on Borrowed Time
I still see (and hear about) environments where the core access strategy looks like this: connect to VPN, get dropped onto the network, and from there… you can reach way more than you probably should. That model has been around forever. It’s also the exact opposite of what modern security should look like. For example, this VPN server appliance below has full /24 access for all users that VPN in.

With Entra’s Global Secure Access, Microsoft is moving toward an identity-first access model. Instead of trusting the network, you’re evaluating the user, the device, and the context of the request every single time. That means access decisions are no longer tied to an IP address or whether someone is “inside.” They’re tied to who the user is, what device they’re on, and how risky the session looks. And more importantly, you’re no longer exposing your internal network just to let someone connect.
How to Start Evaluating a VPN Replacement
If you’re thinking about this shift, the first step isn’t ripping out your VPN. It’s understanding what traffic actually needs to be protected and how users are accessing it today. For example, in the screenshot above, users VPN in and go to one application hosted over HTTPS (port 443) and some users RDP to a server using port 3389. These are only two places end users need to go, but on this subnet there are printer administrative interfaces, security cameras, smart TVs, management consoles for hypervisors, and out of band management for servers.
I know, I know – network segmentation also comes into play here BUT identity based networking can also untangle this mess pretty quickly too.
So now, we look at the below points. From there, we can being to pilot Global Secure Access in parallel to our legacy VPN.
- What applications are accessed over VPN
- Which of those can be modernized (SaaS, web apps, etc.)
- Where Conditional Access policies can replace network controls
What would these two applications look like in Global Secure Access?
The below screenshot assumes some prerequisites have been completed, like the connector is setup in your on premesis, etc. Take a read here and see just how easy that is.
Now, we can create our two applications in Quick Access. This assumes our user permissions to both applications are the same. If that isn’t the case, you can create individual applications in the enterprise applications section of Global Secure Access, but for our testing it is the case. Now, after these applications are created, tested and working, our legacy VPN is no longer necessary for those users who are onboarded to global secure access. Not only do we have a better VPN experience, but those users now truly only have network access to the resources they need.

AI Introduced a Security Problem Most Organizations Haven’t Solved
So now that everyone is rolling out AI (or at least experimenting with it), we need to get a grasp on where AI is being used, how its being used, etc. Organizations are running the risks of users are pasting sensitive data into tools like ChatGPT, trying out different platforms, and integrating AI into their workflows faster than security teams can keep up. In most environments, there’s little to no visibility into what’s actually happening. This is where Entra Global Secure Access starts to get interesting.
Shadow AI Is the New Shadow IT
A few years ago, the problem was Shadow IT and users were spinning up SaaS apps without approval. Now it’s Shadow AI. Users are trying tools constantly, some are well-known, others were created yesterday. And most organizations don’t have a clear picture of what’s being used, let alone the data your users are feeding it, and how that data is being used.
Entra introduces visibility into AI usage across your environment, helping you identify which tools are in play and how risky they might be. That visibility is step one, control comes next.
AI Discovery in Global Secure Access

Prompt Injection Protection
One of the more important capabilities that’s been introduced is prompt injection protection. At a high level, prompt injection is when someone manipulates an AI prompt to get the model to ignore its safeguards or expose data it shouldn’t.
What Entra does differently is enforce protection before the request ever reaches the AI tool. It operates at the network layer, inspecting and controlling prompts in real time. So instead of relying on each individual AI provider to secure their platform correctly, you’re applying a consistent control across all of them.

Identity Now Includes AI Agents
This is where things start to shift from “interesting” to “this is going to matter very soon.” With Entra Agent ID, Microsoft is extending identity to AI agents themselves. Not just users. Not just service accounts. Actual AI-driven entities. That means you can assign permissions, control access, and apply governance to something that isn’t human but is still interacting with your data.
What I’m Seeing in Real Environments
Most organizations are still early here. They have MFA. Maybe some Conditional Access policies. But beyond that, identity isn’t being fully leveraged. At the same time, VPNs are still widely open, AI usage is largely unmonitored, and security teams are trying to catch up after the fact. This gap is where the risk really lives because users are eager to automate their work, get agentic wins, and the agents aim to please. Agents don’t care about misconfigurations or oversharing, they will do whatever they can to get the job done for their user, even if it isn’t something the user should be doing.
Identity used to be a simple question of “who are you?” Now it is much more: where are you, what access do you get, how should you get access, and does the combination of all of it add up to an allowed scenario. Entra Suite is the place where the intersection of network, identities, and agents starts.
