Let’s delve into the Microsoft Entra Global Secure Access solution, a comprehensive security solution developed by Microsoft. It aims to provide enhanced protection and secure access to digital resources on a global scale.
In this article, we will dive into the components that make up the Global Secure Access solution, along with a closer look at the Entra Private Access and Internet Access solutions. We will also explore the distinctions between these offerings to better understand their unique features and benefits.
We will also explain Microsoft’s identity-centric Security Service Edge (SSE) solution and explore its key components. By examining this offering, we can gain insights into how it strengthens security through an identity-focused approach. We have an article highlighting comprehensive insights into Microsoft Entra and Entra ID and the distinction between Azure Active Directory (Azure AD) and Entra ID.
The Microsoft Entra admin center features a centralized and unified location called Global Secure Access, which manages network access policies and configurations. It is built upon the core principles of Zero Trust to use least privilege, verify explicitly, and assume breach.
What is Microsoft Entra ID?
Microsoft Entra ID, commonly known as Microsoft Azure AD, represents a cutting-edge cloud-based solution for managing identity and access.
What is the Enhanced New version of Azure AD App Proxy?
As discussed in a later section of this post, Entra Private Access is the premium version of App Proxy. Microsoft is planning to extend and enhance those components to do much more, with the power of a client agent called Global Secure Access.
Video 1 – What is Entra Global Secure Access?
The video gives you the information needed to understand the Global Secure Access solutions from Microsoft Entra. It also includes a demo that shows how to enable these services from the Entra portal.
Entra Global Secure Access
Global Secure Access is the term for Microsoft Entra Internet Access and Microsoft Entra Private Access. Let’s see Entra Global Secure Access from an admin and a user perspective.
Entra Global Secure Access from a User Perspective
Global Secure Access is a client agent from Microsoft Entra. It helps to improve the security of the network communication of your endpoint devices (Windows, macOS, etc.). If you see the Global Secure Access client using resources on a Windows PC, that is normal and there is no need to panic.
Entra Global Secure Access from an Admin Perspective
Global Secure Access is where you can manage network access policies and configurations from the Entra portal. This helps organizations configure and manage Microsoft Entra Private Access and Microsoft Entra Internet Access products.
Azure AD is now Entra ID
Microsoft recently began a rebranding initiative to align its Identity and Access Management (IAM) product strategy. Entra has emerged as Microsoft’s dedicated IAM product as part of this transformation, while Azure Active Directory (Azure AD) has been renamed and rebranded as Entra ID.
- From a technical perspective, nothing has changed in the APIs, and all the URLs remain the same; it is just a rebranding to align with Microsoft’s IAM product strategy.
- Entra ID centrally manages all your identities and access to your applications, whether in the cloud or on-premises, to improve visibility and control.
- Gartner defines Access Management (AM) as tools that establish, enforce and manage journey-time access controls to cloud, modern standards-based web, and legacy web applications.
Microsoft Entra as a Product
Let’s talk more about Microsoft Entra as a product. There are 3 main categories under the Microsoft Entra product. Identity and access management is the first one, which Microsoft Entra ID provides. This category also includes Microsoft Entra ID Governance and Microsoft Entra External ID.
|Identity and access management|New identity categories|Network access|
|---|---|---|
|Microsoft Entra ID|Microsoft Entra Verified ID|Microsoft Entra Internet Access|
|Microsoft Entra ID Governance|Microsoft Entra Permissions Management|Microsoft Entra Private Access|
|Microsoft Entra External ID|Microsoft Entra Workload ID| |
Entra Global Secure Access
Global Secure Access includes Microsoft Entra Internet Access and Microsoft Entra Private Access. The Global Secure Access Administrator, Security Administrator, or Global Administrator role must be assigned to activate and manage Global Secure Access features.
- Entra Internet Access: an identity-centric Secure Web Gateway (SWG) for SaaS apps and Internet traffic protection.
- Entra Private Access: identity-centric Zero Trust Network Access to private resources.
What is the Difference between Azure AD App Proxy (free solution) and Entra Private Access?
As per Alex Simons’s Tweet – Entra Private Access is the premium version of App Proxy – all we’ve done is extend/enhance those components to do much more.
Microsoft Security Service Edge (SSE) Solution
This is a high-level overview of the new solutions that are part of the Microsoft Entra identity and access management solutions. You can see the identities, endpoints, and remote networks on the left side. These can be anywhere: any user and any device can connect from anywhere.
Conditional Access in Microsoft Entra ID and Continuous Access Evaluation are part of it. The SSE solution has 3 components, as follows.
- Microsoft Entra Internet Access
- Microsoft Entra Private Access
- Microsoft Defender for Cloud Apps
Legacy Technology may Increase Cybersecurity Risk and Complexity
Let’s see how the legacy world works without any modern identity and access management solutions. Legacy technology has a lot of limitations, and it is very complex to operate. It does not offer a very good hybrid experience.
- Inconsistent and inefficient security controls lead to expanded attack surfaces and lateral threat movement.
- Poor user experience and productivity result from slow and inconsistent access.
- Limited resources and technical skills inhibit organizations from managing and responding to threats in an efficient manner.
- Security gaps from siloed solutions and policies result from disjointed and legacy technologies across identity, network access, and networking.
- Higher operational complexities may lead to security vulnerabilities and increased costs.
Microsoft Entra Internet Access
Let’s learn about Microsoft Entra Internet Access. It is for providing secured access to public SaaS offerings such as Twitter, LinkedIn, Facebook, YouTube, etc., as well as secured access to Microsoft 365 and all the other SaaS applications and resources; these are all internet apps and resources. You can see the identities, endpoints, and remote networks on the left side.
Microsoft Entra Private Access
Let’s learn about Microsoft Entra Private Access. Entra Private Access is an identity-centric Zero Trust Network Access solution for secure access to private resources. As with Microsoft Entra Internet Access, you can see identities, endpoints, and remote networks on the left side. On the right side, you can see all private apps and resources. The private resources include multi-cloud, corporate networks, web apps, etc.
Identity-Centric Security Service Edge SSE Solution
Let’s learn about the identity-centric Security Service Edge (SSE) solution from Microsoft Entra. The pattern is the same. You can see identities, endpoints, and remote networks on the left side. On the right side, you can see all the types of applications and resources, such as private apps, Internet and SaaS apps, and Microsoft 365 apps and resources.
Identity-Centric Security Service Edge SSE Solutions
This is another high-level view of the identity-centric Security Service Edge solutions. The Microsoft SSE solution helps secure and optimize connectivity from identities, endpoints, and remote networks to IaaS (infrastructure as a service) or PaaS, to headquarters or data centers within the corporate network, to the Internet, and to Microsoft 365 applications and resources.
High-Level Overview of Private Access and Internet Access
Let’s look at the high-level overview of Private Access and Internet Access and how Microsoft connects identities, endpoints, and remote networks with private applications and resources and with Internet applications and resources using Microsoft Entra solutions.
Entra Admin Center Portal – Global Secure Access
Let’s check the experience of the Entra admin center portal. Enabling Global Secure Access for your tenant within the Entra admin center portal is straightforward. Sign in to the Microsoft Entra admin center.
- Select Global Secure Access on the left side of the Microsoft Entra admin center.
- Within the Global Secure Access section of the Entra admin center, you will find a range of tab options that provide access to various settings and functionalities.
- Select Get Started under Global Secure Access.
- The Get Started tab shows the following details:
  - Global Secure Access Prerequisites
  - Activate Global Secure Access in your Tenant
  - Get Started with Global Secure Access
The window below shows how to activate Global Secure Access in your tenant. Click the Activate button to start onboarding. You will get the message “Tenant onboarding is currently in progress. This may take a few minutes to complete.”
- You will then see the notification message “Tenant onboarding has been completed successfully.”
Get Started with Global Secure Access
If you click the Get Started button on the Get Started tab, the window below opens and shows the features of Microsoft Entra Internet Access and Microsoft Entra Private Access. Clicking the Get Started button in that window redirects you to the Microsoft documentation page.
Dashboard in Entra Portal
Select Dashboard on the left of the Entra portal, and you can see Welcome to global secure access. The Dashboard provides an intuitive and informative overview of your organization’s secure access environment, highlighting key metrics and insights.
Clients Tab in Entra Portal
You must download and install the Global Secure Access client to tunnel end-user device network traffic to Global Secure Access. The client is currently available for Windows. Client versions for Android, iOS, and macOS will be released in the coming months. To ensure you have the latest features and improvements, check this page frequently to upgrade your client.
- Select Clients under the Devices tab in the Entra portal.
- System Requirements
- Operating System – Windows 10/10 Enterprise
- The device must be Azure AD joined or Hybrid Azure AD joined to a tenant onboarded to Global Secure Access.
- Internet connection to Azure AD and the Global Secure Access service.
- Local administrator permissions during the installation.
- Installation instructions
- To install the Global Secure Access client, download the installation package and install it on the designated end-user devices.
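The join-state and local administrator requirements listed above can be checked on a device before the installer is run. The following PowerShell sketch is an added example, not Microsoft's tooling or code from this article; the function name `Test-GsaClientPrereq` is hypothetical and the sample `dsregcmd /status` lines are constructed.

```powershell
# Added example: pre-install check for the client prerequisites listed above.
# Parses `dsregcmd /status`; pass -StatusText to evaluate captured output offline.
function Test-GsaClientPrereq {
    param([string[]]$StatusText)

    $live = -not $StatusText
    if ($live) { $StatusText = & dsregcmd.exe /status }

    # dsregcmd prints "Key : VALUE" pairs; collect them into a lookup table.
    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $aadJoined    = $state['AzureAdJoined'] -eq 'YES'
    $domainJoined = $state['DomainJoined']  -eq 'YES'

    # Hybrid join means the device is both domain joined and Azure AD joined.
    if ($aadJoined -and $domainJoined) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aadJoined)                { $joinType = 'Azure AD joined' }
    else                               { $joinType = 'Not joined' }

    $result = [ordered]@{
        JoinType   = $joinType
        JoinOk     = $aadJoined
        # Onboarding cannot be verified from the device; compare this name with
        # the tenant that was activated in the Entra admin center.
        TenantName = $state['TenantName']
    }
    if ($live) {
        # Local checks only make sense when run on the target device itself.
        $id = [Security.Principal.WindowsIdentity]::GetCurrent()
        $result.IsLocalAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)
        $result.OsCaption = (Get-CimInstance Win32_OperatingSystem).Caption
    }
    [pscustomobject]$result
}

# Constructed sample of dsregcmd /status output (not captured from a real device).
$sample = @(
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                TenantName : Contoso (constructed)'
)
Test-GsaClientPrereq -StatusText $sample   # offline run against the sample
```

Calling `Test-GsaClientPrereq` with no arguments in an elevated session on the target device adds the local administrator and operating system checks to the result.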
Remote Network Tab in Entra Portal
Remote networks enable admins to define and configure remote network locations, including names, regions, and bandwidth capacity, and add one or more customer premises equipment (CPE) links to a given remote network.
- Select Remote Network under the Devices tab in the Entra portal.
Enterprise Applications in Entra Portal
Select Enterprise applications under the Applications tab in the Entra portal. You can easily add new applications by clicking the New Applications button. To create a Global Secure Access application, enter information such as Name, Connector Group, etc.
Session Management in Entra Portal
You can see Tenant Restrictions and Adaptive Access in the Session Management tab. Tenant restrictions enable admins to control whether their users can access an external organization’s resources with accounts issued by the external organization while using your organization’s network or device.
Web Filtering Policy in Entra Portal
The window below shows the Web filtering policy. Select Web filtering policy on the right side of the Entra admin portal.
Traffic Forwarding in Entra Portal
Traffic forwarding profiles enable admins to select which traffic should be acquired and forwarded to Global Secure Access. Once selected, the forwarding profiles are assigned to any device in the tenant running the Global Secure Access agent. The ability to assign forwarding profiles to users and groups will be added.
- Select the Traffic Forwarding tab on the right side of the Entra portal.
What is Microsoft Entra ID? – Video
In the video, you have gained comprehensive insights into Microsoft Entra and Entra ID and the distinction between Azure Active Directory (Azure AD) and Entra ID.
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.