HTTPS is the standard for privacy and secure web communication, but it also conceals a growing number of threats. In fact, over 87% of cyber threats now use encrypted channels*, creating a visibility gap that puts Zero Trust enforcement at risk.
Today, Microsoft Entra is taking a step forward in addressing this challenge. We’re excited to announce that Transport Layer Security (TLS) Inspection for Microsoft Entra Internet Access is now available in public preview. This powerful new capability empowers your security teams to look inside HTTPS traffic in real time, without requiring extra hardware or complex deployments. You can now decrypt and inspect traffic, enforce granular, identity-centric policies, and extend Zero Trust principles to every encrypted session within Microsoft’s Security Service Edge (SSE) solution.
TLS Inspection is a game-changer
The widespread adoption of encrypted channels, while essential, means that traditional security measures often lack the visibility needed to detect threats like advanced malware payloads or stealthy data exfiltration attempts lurking within. This visibility gap is a critical vulnerability that attackers actively exploit.
TLS Inspection in Microsoft Entra Internet Access tackles encrypted threats directly by routing traffic through the Microsoft Security Service Edge, where HTTPS traffic is securely decrypted for inline inspection. This allows for a full contextual understanding of the traffic, going beyond just domains, to apply your security policies. Intelligent enforcement then leverages identity-centric policies and Conditional Access signals to determine if the traffic is safe. Finally, approved traffic is swiftly re-encrypted and sent on its way, ensuring both robust security and a seamless user experience.
Public preview features you can leverage today
This initial public preview of TLS Inspection in Microsoft Entra Internet Access delivers several key capabilities to get you started:
- Real-time, performant inspection: Decrypt and inspect encrypted HTTPS traffic without a discernible impact on user experience or network performance.
- Identity-driven policy enforcement: Leverage the power of Conditional Access signals, including user identity, device compliance, and risk levels, to make intelligent decisions about when and for whom to inspect traffic.
- Enhanced web categorization: Benefit from improved signal intelligence, leading to more accurate and granular web category classification.
- Improved user experience: Deliver clear and informative messages to end-users when access is blocked, reducing confusion and minimizing help desk inquiries.
See TLS Inspection in action
Watch the demo video below to see how to create a certificate, set up a TLS inspection policy, attach it to a security profile, and view traffic logs.
Visibility changes everything
By evaluating what’s inside encrypted traffic, TLS Inspection provides the foundation for stronger, more effective inline security. This visibility allows you to enforce policies with far greater precision and context, opening the door to solving key security scenarios, such as:
- Granular web filtering: Move beyond broad domain categories and implement targeted allow/block decisions based on specific URLs, offering finer control over web access.
- Proactive encrypted threat defense: Intercept and neutralize threats like malware, ransomware payloads, and phishing attacks before they can compromise user endpoints.
- Comprehensive Data Loss Prevention (DLP): Consistently apply DLP policies across all connections, safeguarding sensitive corporate data, even on unmanaged devices or when users access resources via public Wi-Fi.
- Mitigating unsanctioned AI usage: Gain visibility into and control over the use of Generative AI tools, preventing the unauthorized transfer of proprietary data.
- Streamlined compliance and auditing: Leverage centralized, cloud-hosted logs to simplify and clearly demonstrate adherence to regulatory mandates such as PCI, HIPAA, and regional data residency requirements.
Figure 2: End-to-end TLS flow with Global Secure Access
The bottom line: encrypted does not mean invisible. TLS Inspection helps to bring Zero Trust controls to HTTPS traffic, empowering your organization to protect users and data without sacrificing privacy. Explore the documentation to learn more.
Want to dive deeper? Check out John Savill’s walkthrough of TLS Inspection in Microsoft Entra Internet Access!
Looking ahead
TLS Inspection is a foundational capability, and this is just the beginning. This announcement lays the groundwork for exciting upcoming enhancements to further strengthen Microsoft Entra Internet Access and Microsoft Entra Private Access as we continue to build an identity-centric SSE solution.
We’re incredibly excited to bring TLS Inspection to the public preview! Get started by reviewing the prerequisite and setup documentation for TLS Inspection and help us deliver secure connectivity everywhere your users work.
Ashish Jain, Principal Group Product Manager, Identity & Network Access
*ThreatLabz 2024 Encrypted Attacks Report