Entra ID – Global secure access

Global Secure Access is out of preview and general available – but what is this actually?

Let me try to answer some of questions that I have gotten about this service lately.
I hope that this helps to get more insights in what this new awesome feature is.

  • There are some many names, what is it actually called?
  • What is this exactly?
  • What can we use it for?
  • And why do we need it?
  • I`m sure it costs alot?

The name

Many of us have heard these names alot lately – Microsoft Entra Private Access, Microsoft Entra Internet Access, Global Secure Access, Microsoft Security Service Edge.
Let`s put it this way – Global Secure Access is a term that covers the services Microsoft Entra Private Access and Microsoft Entra Internet Access. When we combines the Global Secure Access services together with Microsoft Defender for Cloud Apps we get a Security Service Edge sollution that Microsoft call “Microsoft Service Edge Sollution”.

By integrating all these services, we gain comprehensive control over Network, Identity, and Endpoint, enabling secure access to any application or resource from any location worldwide – and all this without any new investments on hardware!

What is it?

Microsoft Entra Privat Access and Microsoft Entra Internet Access is a new way of securing access to both SaaS applications or your own application in your hybrid datacenter. Think of a VPN sollution, but forget about the traditional VPN setup with investments in hardware and so on! With Global Secure access you can designing secure access to any application throughout your organization, regardless of your location in the world and it provides a new dimension to the security of your company’s data and resources.

Microsoft Entra Internet Access

Microsoft Entra Internet Access is an identity-centric secure web gateway (SWG) that protects access to all internet resources, including
software as a service (SaaS) apps, and Microsoft 365 apps and resources. It also features Web content filtering.

Microsoft Entra Private Access

Microsoft Entra Private Access Secure access to all private apps and resources for users anywhere with identity-centric Zero Trust Network
Access (ZTNA)

Usefull or not?

So – what can we use this for and is it usefull?
The answer on if it`s usefull – YES!
What can we use this for? Well we can secure access to our company resourceses where ever the data or resouces live. So combined we can secure access by forcing the traffic through a secure tunnel using Microsoft`s backbone network and of course also add our securing mechanisms with Conditional Access meaning we can apply strong authentication, require compliant device and so on.

The neat part of the Global Secure Access client is that it`s tied to the same layer as your NIC – so the traffic is completly tied into the client and will perform on the policies and settings that are deployed for the users.

You need this!

Yes you need it – Why you may ask?

Well – to be able to maintain a secure access to our services across both SaaS and private apps and services in your own datacenter we need a sollution that can create a tunnel AND get the securing mechanisms attached. By using Microsoft Entra ID Internet Access – we route the traffic through Microsoft`s backbone and can add thinks like conditional access and compliant device requirements on our devices. But when we are to connect to one of our applications or services in our datacenter or datacenters we then want to be able to utualize the same mechanisms like requiring compliant device and add strong authentication. And by using Microsoft Entra ID Private Access we get that tunel from the devices into Microsoft backbone and from there we are connecting to our services using a proxy application.

Pricing

While pricing is not ready yet – but what I can say is that each og the service Microsoft Entra Privat Access and Microsoft Entra Internet Access will get their own SKU, meaning that if you only need one of the you only need to pay for that one.

Also we can see from the documentation at learn.microsoft.com that there will be a “Secure Access Essentials” SKU – exactly what that includes do we not know at this point.

A pre-requisite for using Global Secure Access is that you have Microsoft Entra ID P1 or Microsoft Entra ID P2 licensing in our environment.