Introduction
Hello everyone! I hope you’re all doing great. Today, I’m thrilled to introduce you to Global Secure Access, an essential feature within Microsoft’s security framework.
In today’s complex digital landscape, enhancing cybersecurity is more critical than ever, and Global Secure Access plays a vital role in strengthening an organization’s defenses. This post will guide you through:
- Activating Global Secure Access
- Key benefits of this feature
- Best practices for maximizing its potential
Stay tuned to explore how you can leverage this technology to bolster your organization’s cybersecurity posture.
What is Global Secure Access?
How we work has changed dramatically, with employees working from almost anywhere. This shift requires a new kind of security: one that is identity-aware and cloud-based. This approach is called Security Service Edge, and Microsoft’s solution includes Entra Internet Access and Entra Private Access, together known as Global Secure Access.
Built on Zero Trust principles—like least privilege, explicit verification, and assuming breaches—Global Secure Access ensures secure access in the cloud era.
Example
Imagine a finance manager working from homewho needs to access confidential financial reports stored in the company’s cloud environment. Using Microsoft Entra Private Access (part of Global Secure Access), the manager can securely connect to the company’s network, verify their identity, and access the reports without exposing sensitive data to the public Internet.
This ensures secure access, limits permissions to only the required data, and protects company resources in line with Zero Trust principles.
Global Secure Access has two components: Microsoft Entra Internet Access and Microsoft Entra Private Access. Each part has unique features that are available to organizations.
What is Microsoft Entra Internet Access?
Microsoft Entra Internet Access is an identity-centric solution that ensures secure access to the internet and cloud-based applications (SaaS apps). By leveraging a Secure Web Gateway, it acts as a security checkpoint that verifies user identities before granting access. It enforces policy-driven controls and inspects traffic in real-time to protect against threats like malware and phishing. This enables safe and efficient connectivity in hybrid and cloud environments.
Key Features of Microsoft Entra Internet Access
- It secures access to all internet, SaaS, and Microsoft 365 apps and resources.
- Protect your organization against internet threats, malicious network traffic, and unsafe or non-compliant content.
- Use an identity-centric Secure Web Gateway for optimal protection.
- Microsoft Entra Internet Access unifies access controls in a single policy. This helps to close security gaps. It also minimizes the risk of cyberthreats.
- It simplifies and modernizes traditional network security to protect users, apps, and resources.
- It offers advanced capabilities like universal access controls, universal tenant restriction, and token protection. Other features include web content filtering, cloud firewall, threat protection, and TLS inspection.
- Plus, it offers best-in-class security and optimized access for Microsoft 365 apps.
What is Microsoft Entra Private Access?
Microsoft Entra Private Access allows secure access to private applications by using Zero Trust Network Access. It eliminates the need for traditional VPNs. This approach continuously verifies your identity and access rights rather than relying on a one-time check like traditional VPNs. It ensures you have the appropriate permissions and adapts as necessary to maintain security.
Key Features of Microsoft Entra Private Access
- Secure access to all private apps and resources, for users anywhere, with an identity-centric Zero Trust Network Access.
- Built on Zero Trust principles, it removes the risk and operational complexity of legacy VPNs while boosting user productivity.
- Quickly and securely connect remote users from any device and any network to private apps. This connection can be made on-premises, across clouds, and anywhere in between.
- Remove excessive access to enhance security.
- Stop lateral threat movement with automatic app discovery and easy onboarding.
- Use adaptive per-app access controls and granular app segmentation. Implement intelligent local access.
What is Microsoft’s Security Service Edge (SSE)
Microsoft Entra Internet Access and Microsoft Entra Private Access are part of Microsoft’s Security Service Edge (SSE). SSE integrates network, identity, and endpoint access controls. This provides secure access to any app or resource. Access is granted from any location, device, or identity. It includes components like Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, and more. Here’s a brief overview:
Key Components:
| Key Components | Functions |
|---|---|
| Zero Trust Network Access | Continuously verifies user identity and access rights, ensuring secure access to private applications |
| Secure Web Gateway | Filters and inspects web traffic to protect against internet threats like malware and phishing. |
| Cloud Access Security Broker | Provides extra security measures for cloud applications and services |
| Unified Identity and Access Management | Integrates with Microsoft Entra ID to manage access policies and enforce security controls. |
Licensing Requirements
Licensing for Global Secure Access (GSA) varies based on the deployment model and desired features. Here are the general licensing details for GSA in a Microsoft environment:
Understanding the Microsoft licensing model is complex because it is available as a Suite (bundle) or Standalone product. What type of license the customers have and the features you want to offer will decide everything.
To activate the Global Secure Access feature, you need to subscribe to Microsoft Entra ID P1. Alternatively, you can subscribe to Microsoft Entra ID P2.
Microsoft Entra Suite
To fully unlock Global Secure Access capabilities, you must buy the Microsoft Entra Suite. It includes five products.
- Microsoft Entra ID Protection
- Microsoft Entra ID Governance
- Microsoft Entra Internet Access
- Microsoft Entra Private Access
- Microsoft Entra Verified ID
Microsoft Entra Suite license has different plans, and the details are outlined below.
- Microsoft Entra Suite (Trial)
- Microsoft Entra Suite for FLW (Trial)
- Microsoft Entra Suite for FLW
- Microsoft Entra Suite
- Microsoft Entra Suite Add-on for Microsoft Entra ID F2 for FLW
- Microsoft Entra Suite Add-on for Microsoft Entra ID P2
Standalone Product
You can buy Microsoft Entra Internet Access and Microsoft Entra Private Access as a standalone product. The details are given below.
- Microsoft Entra Private Access (Trial)
- Microsoft Entra Private Access
- Microsoft Entra Internet Access (Trial)
- Microsoft Entra Internet Access
- Microsoft Entra Private Access for FLW
- Microsoft Entra Private Access for FLW (Trial)
- Microsoft Entra Internet Access for FLW
- Microsoft Entra Internet Access for FLW (Trial)
- Secure access essentials (Trial)
- Secure access essentials
Remote Network License
Make sure your bandwidth is up to par if you want to enhance your Microsoft 365 experience from Remote Networks. Global Secure Access features need this. Aim for at least 250 Mbps for smooth and efficient operations. This supports up to 1250 users. It is effective whether they’re at headquarters or working remotely.
Note: There is no licensing model for Remote Network as of now, but we can expect one in the future.
Check out the Microsoft article for detailed information about the Microsoft Global Secure Access license.
Traffic forwarding License
Here’s a table summarizing the license requirements for traffic forwarding in Microsoft Secure Access.
| Traffic Forwarding Profile | License Requirement |
|---|---|
| Microsoft Traffic Profile | Microsoft Entra ID P1 or P2 |
| Private Access Profile | Microsoft Entra ID P1 or P2 Microsoft Entra Private Access or Microsoft Entra Suite |
| Internet Access Profile | Microsoft Entra ID P1 or P2 Microsoft Entra Internet Access |
Recent Announcement
Microsoft recently enforced Microsoft Entra Private Access and Internet Access licenses to customer tenants. These features come with the Microsoft Entra Suite license model and include a 90-day trial for all customer tenants. Take advantage of this opportunity—be sure to grab it today! Try out these features and explore the benefits of Global Secure Access.
How to Activate Global Secure Access?
My tenant is now set up with only Microsoft 365 Business Basic. Let’s buy the Microsoft Entra ID P2 license, turn on Global Secure Access, and verify the features within this license.
Implementation Steps
You need a Microsoft Entra ID P1 or P2 license. This is necessary to turn on Global Secure Access for your tenant. If you haven’t done so already, follow the simple steps below to turn on GSA for your tenant. Let’s get started!
- Go to the Microsoft Entra Admin Center
- Sign in with Global Admin login details
- Navigate to Global Secure Access -> Dashboard
- Move to the right side. Click “Try for Free” under the “Welcome to Global Secure Access” banner!
- You can choose either the Microsoft Entra Suite or the Microsoft Entra ID P2 Trial license. I have selected the Microsoft Entra P2.
- You can now find the Microsoft Entra ID P2 license displayed in the subscription section
- Navigate to Global Secure Access and click the “Activate” button on the right. This will enable its features.
- Hang tight, as it gets everything set up for you! Your activation is on the way—stay tuned!
- The activation has been successfully completed.
- If you already have Microsoft Entra ID P1 or P2, go to the Global Secure Access Dashboard. Then, click the activation button. An activation wizard will guide you through the process, as shown in the diagram below.
Verify the functionality
After enabling Global Secure Access, I reviewed the accessible features and found them quite impressive. Here are my observations.
Traffic Forwarding
The “Microsoft traffic profile” is available for use. The “Private access profile” and the “Internet access profile” are disabled, and they need a separate license.
Security profiles
Security profiles can’t be created as they need a Microsoft Entra Internet Access license.
Web content filtering policies
Again, to create Web content filtering policies, it is necessary to buy a Microsoft Entra Internet Access license.
Quick Access
The Quick Access features can’t be used because a Microsoft Entra private license is required.
Remote network
Remote network features are available for use.
Session Management
Universal Tenant Restrictions and Adaptive Access are now available.
Conclusion
This article concludes by explaining how successful it is to enable Global Secure Access. It also provides a comprehensive overview of the licensing requirements for Microsoft Entra Internet Access. It details the requirements for Microsoft Entra Private Access as well. I think it’s essential to understand these licensing prerequisites. It ensures secure, seamless access to cloud resources and applications. It also maintains compliance and security standards. Organizations can follow the steps and licensing guidelines discussed. They can confidently leverage Microsoft Entra’s capabilities. This will protect and manage access for users across various environments.
Thank you for reading the article!
Recent Comments