Cloud & AI Security

Added in Endpoint (Plan 2)

• Global Secure Access - M365 — Microsoft Entra Global Secure Access for M365 traffic
• Global Secure Access - Internet — Microsoft Entra Global Secure Access for internet traffic, web filtering, and Private Access tunnels
• External Identity & B2B Governance — Guest governance, cross-tenant access policies, external collaboration settings, and partner onboarding processes
• Defender for Cloud & CSPM — Azure Defender for Cloud plans (Servers, Containers, Databases) and Cloud Security Posture Management with Secure Score

Added in Information Governance (Plan 3)

• Lifecycle Workflows — Entra ID Governance lifecycle workflows for pre-hire, joiner, mover, and leaver identity lifecycle automation
• AI Agent Identity & Governance — Entra Agent ID registration, agent lifecycle policies with human sponsor requirement, CA for AI workloads
• AI Data Governance — Sensitivity labels on AI-consumed data, DLP policies for AI-generated content, Copilot governance configuration
• AI Monitoring & Shadow AI Detection — AI agent action audit logging, Copilot usage monitoring, shadow AI detection via Entra Internet Access and Sentinel
• MCP Server Security — MCP server authentication (Device Flow, API keys), least-privilege tool exposure, connectivity monitoring

ISO 27001 Controls Covered

• A.5.12
• A.5.13
• A.5.15
• A.5.16
• A.5.19
• A.5.20
• A.6.1
• A.6.5
• A.8.1
• A.8.15
• A.8.16
• A.8.20
• A.8.23
• A.8.25
• A.8.26
• A.8.9