Update network guidance files with latest Global Secure Access capabilities #834
+337
−52
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
tdetzner
commented
Jan 25, 2026
tdetzner
commented
- Revise Net_015 with B2B controls now in public
- Updated NET_018: Intelligent Local Access for Private Access with DNS probes
- Updated NET_030: Web content filtering and URL filtering (Preview)
- Updated NET_031: Complete rewrite as overview for Internet Access SWG capabilities
- Updated NET_038: Network content filtering with file policies (Preview)
- Updated NET_039: Minor improvements to Threat Intelligence filtering
- Updated NET_040: Netskope ATP and DLP integration
- Updated NET_045: Internet Access for remote networks (branch offices)
- Added NET_093: Secure Web and AI Gateway for Copilot Studio agents (Preview)
- Added NET_094: Prompt Shield for enterprise generative AI applications (Preview)
- Added NET_095: Cloud firewall for remote networks (Preview)
Updated the document to implement B2B guest access controls for partner access, detailing the Zero Trust network model and implementation steps.
…lities - Updated NET_018: Intelligent Local Access for Private Access with DNS probes - Updated NET_030: Web content filtering and URL filtering (Preview) - Updated NET_031: Complete rewrite as overview for Internet Access SWG capabilities - Updated NET_038: Network content filtering with file policies (Preview) - Updated NET_039: Minor improvements to Threat Intelligence filtering - Updated NET_040: Netskope ATP and DLP integration - Updated NET_045: Internet Access for remote networks (branch offices) - Added NET_093: Secure Web and AI Gateway for Copilot Studio agents (Preview) - Added NET_094: Prompt Shield for enterprise generative AI applications (Preview) - Added NET_095: Cloud firewall for remote networks (Preview) All updates follow established patterns with Zero Trust context, implementation steps, and comprehensive references.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the network workshop guidance to reflect the latest Global Secure Access capabilities, especially around Internet Access SWG features, AI protections, and new cloud firewall functionality for remote networks.
Changes:
- Replace older “Roadmap” or stub guidance with detailed zero-trust–aligned implementation docs for B2B guest access, Intelligent Local Access, web content/URL filtering, core Internet Access SWG, network file content filtering, Netskope ATP/DLP integration, threat intelligence filtering, and Internet Access for remote networks.
- Add new guidance files for Secure Web and AI Gateway for Copilot Studio agents, Prompt Shield for enterprise generative AI apps, and cloud firewall for remote networks (Preview).
- Align references to current Microsoft Learn content and expand “important considerations” / implementation step lists across the updated NET_0xx docs.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
src/react/docs/workshop-guidance/network/NET_015.md |
Replaces microsegmentation roadmap stub with concrete guidance for implementing B2B guest access controls with Global Secure Access. |
src/react/docs/workshop-guidance/network/NET_018.md |
Expands Intelligent Local Access guidance to describe DNS-probe-based detection and per-app routing behavior with clear Zero Trust outcomes and steps. |
src/react/docs/workshop-guidance/network/NET_030.md |
Converts URL filtering roadmap stub into full instructions for web content and URL filtering (Preview) using Internet Access and Conditional Access. |
src/react/docs/workshop-guidance/network/NET_031.md |
Completely rewrites as the main Internet Access SWG overview, enumerating core capabilities and implementation approach plus cross-links to detailed NET_03x/04x/09x docs. |
src/react/docs/workshop-guidance/network/NET_038.md |
Replaces roadmap text with detailed guidance for network content filtering with file policies, including Purview integration and limitations. |
src/react/docs/workshop-guidance/network/NET_039.md |
Refines threat intelligence filtering section into concise key capabilities and step-by-step implementation. |
src/react/docs/workshop-guidance/network/NET_040.md |
Replaces short Netskope ATP stub with a full integration guide covering prerequisites, Conditional Access-based delivery, and custom DLP profiles. |
src/react/docs/workshop-guidance/network/NET_045.md |
Expands remote networks doc into a full “Internet Access for branch offices” scenario with Zero Trust outcomes, implementation steps, and reference links. |
src/react/docs/workshop-guidance/network/NET_093.md |
Adds new guidance for Secure Web and AI Gateway protecting Microsoft Copilot Studio agents with GSA network controls. |
src/react/docs/workshop-guidance/network/NET_094.md |
Adds new Prompt Shield guidance for protecting enterprise generative AI apps from prompt injection via network-level controls. |
src/react/docs/workshop-guidance/network/NET_095.md |
Introduces new cloud firewall for remote networks (Preview) guidance, including 5-tuple rule configuration and operational considerations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - **DNS-based network detection:** GSA client automatically identifies corporate network presence through DNS probes | ||
| - **Conditional bypass for on-premises access:** Private Access applications can bypass cloud routing when users are on corporate network | ||
| - **Consistent security posture:** Identity and context-based policies apply regardless of traffic routing path | ||
| - **Reduced latency and improved user experience:** Eliminates network hair pinning and backhauling for on-premises users |
There was a problem hiding this comment.
"hair pinning" appears to be a typo for the standard networking term "hairpinning"; consider updating this phrase for clarity and consistency with common terminology.
Suggested change
| - **Reduced latency and improved user experience:** Eliminates network hair pinning and backhauling for on-premises users | |
| - **Reduced latency and improved user experience:** Eliminates network hairpinning and backhauling for on-premises users |
|
|
||
| ## Reference | ||
| MS Roadmap - coming in the future | ||
| - https://learn.microsoft.com/en-us/entra/global-secure-access/concept-b2b-guest-access |
There was a problem hiding this comment.
The reference section here uses a bare URL instead of the labeled markdown links used throughout the other NET_0xx guidance files (for example NET_016, NET_018, NET_030), which makes the docs less readable and inconsistent; consider switching to a descriptive markdown link label for this reference.
Collaborator
Author
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
tylchan
approved these changes
Jan 26, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.