Microsoft Entra Internet Access
A couple of weeks ago I posted about what Microsoft Entra Internet and Private access are here
In todays post, we're going to discuss how you can secure access to your company's resources using the Microsoft Entra Internet Access Client, also known as Global Secure Access. This tool primarily serves to segregate traffic for Microsoft 365 applications and resources, such as Exchange Online and SharePoint Online
Users can gain access to these resources via the Global Secure Access Client or from a remote network like a branch office, but for this post, we're only discussing the use of the client.
Initial Setup
First, visit https://entra.microsoft.com/ and then:
Creating a traffic forwarding profile
Creating the Conditional Access policy
Next, we need to establish a conditional access policy that routes traffic through Global Secure Access. In my setup, all user access is denied by default unless the client is installed, so without the client, users are unable to access company resources.
To implement this:
领英推荐
Installing the Global Secure Access Client
4. Launch the installer from the machine you want to access M365 from
5. Once the install is finished you'll be prompted to login as your authorized user
6. Confimed Global Secure Access is connected
Testing
Finally, let's run some tests..
Testing Sharepoint from a device without the client installed...
And now, testing from a device with the client installed...
As you can see it was very easy to setup. I wont delve into universal tenant restrictions or enhanced signalling but you can view more about that here
In my next post I'll talk about securing access to internal applications without a VPN using Entra Private Access.. Stay tuned for more
Information Technology Security Architect, microCAR EVangelist, Radio Spectrum Kaitiaki, Experienced Director and Trustee
1 年Very good, multi tenant?