All posts in category Azure AD

Mastering Certificates with Microsoft Intune September 2026

I’m excited to announce that I will be delivering another edition of the Mastering Certificates with Microsoft Intune course, hosted by ViaMonstra Online Academy. This is a three-day live online training course that takes place September 1-3, 2026. This course dives deep into issuing and managing certificates using Microsoft Intune, covering both on-premises and cloud-based solutions.

Course Overview

This interactive training equips IT professionals with the skills to provision and manage enterprise PKI certificates using Microsoft Intune. It explores Active Directory Certificate Services (AD CS), Microsoft Cloud PKI for Intune, and non-Microsoft solutions, with live demonstrations featuring real-world scenarios.

Key Learning Objectives

Those taking the online training course will learn the following.

  • Certificate Basics: Understand certificate roles and enterprise use cases.
  • Deployment Options: Master Intune certificate deployment (Intune policies, revocation, security) and Microsoft Cloud PKI (licensing, benefits, limitations, BYOCA).
  • Intune Deployment: Learn PKCS and SCEP deployment, security best practices, and troubleshooting.
  • High Availability: Explore strategies for reliable certificate management.

Course Highlights

Here are some key highlights for attendees of the training.

  • Expert-Led: Learn from a veteran IT professional, a Microsoft MVP, with deep PKI and Intune expertise.
  • Interactive Demonstrations: The course includes numerous practical exercises in real-world scenarios.
  • Resources: Access to security best practices and sample scripts for automated configuration.
  • Community: Join a private Facebook group for peer collaboration.
  • Live Q&A: Engage directly with the instructor for a clearer understanding.

Who Should Attend?

This training event is ideal for IT administrators, security professionals, and systems engineers working with Intune, AD CS, or Microsoft Cloud PKI for Intune.

Prerequisites

Those attending the online training course should be familiar with the following.

  • Basic networking knowledge (TCP/IP, DNS).
  • Familiarity with Active Directory, Windows OS, and Intune.
  • Access to an AD CS setup and an Azure subscription with Intune Suite licenses.

Why It Matters

Certificates are vital for secure authentication and communication. This course bridges theory and practice, equipping you to deploy and manage digital certificates effectively in cloud-native environments.

Details

Here is some additional information about the training event.

  • When: September 1-3, 2026 (sessions begin at 9:00 AM CDT).
  • Where: Live online via ViaMonstra Online Academy.
  • Cost: $2,395.00 (Sold separately – not included in All-Access Pass).

Why ViaMonstra?

ViaMonstra delivers top-tier IT training from Microsoft MVPs, focusing on practical, up-to-date skills and fostering a collaborative community.

Take the Next Step

Ready to master certificate management with Microsoft Intune? Register at ViaMonstra Online Academy for the August 2025 Mastering Certificates with Microsoft Intune training course today!

Leave a comment
by Richard M. Hicks on June 8, 2026  •  Permalink
Posted in Active Directory, Active Directory Certificate Services, AD CS, administration, authentication, Azure Active Directory, Azure AD, CBA, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, Certificate-Based Authentication, certificates, cloud, Cloud PKI, Cloud Service, Cryptography, Deployment, Device Management, education, Encryption, Endpoint Manager, Enterprise, enterprise mobility, Entra, Entra CBA, Entra Certificate-Based Authentication, Entra ID, Infrastructure, Intune, Intune Certificate Connector, Intune PFX Connector, learning, MDM, MEM, Microsoft, Microsoft Endpoint Manager, Microsoft Entra, Microsoft Entra ID, Microsoft Intune, Mobile Device Management, Mobility, NDES, Network Device Enrollment Service, Network Device Enrollment Services, Operational Support, PFX Connector, PKCS, PKI, public cloud, public key infrastructure, SCEP, Security, Simple Certificate Enrollment Protocol, systems management, Training, troubleshooting, Trusted Platform Module, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 8, 2026

https://directaccess.richardhicks.com/2026/06/08/mastering-certificates-with-microsoft-intune-september-2026/

What’s New in Entra Global Secure Access Client v2.31.125

On June 2, 2026, Microsoft released version 2.31.125 of the Entra Global Secure Access (GSA) client. This update introduces several enhancements designed to improve client resiliency, simplify troubleshooting, and provide administrators with better visibility into network connection status.

Changes in v2.31.125

GSA client v2.31.125 includes new features to streamline connectivity troubleshooting.

Network Status

The new GSA client can now distinguish between a complete network disconnection and a scenario where the device remains connected to a local network but lacks internet access. This distinction helps administrators and users more quickly identify the source of connectivity issues and reduce troubleshooting time.

Network Disconnected

No Internet Connectivity

Local Access

When Intelligent Local Access (ILA) is enabled, the client now clearly indicates when a device is connected to a trusted private network. This provides additional visibility into ILA decision-making and helps confirm that local access policies are functioning as expected.

Sign Out

The new GSA client includes an account picker when a user signs out on Entra-registered or Entra-joined devices. This enhancement simplifies account management on shared or multi-user devices by allowing users to switch identities without fully reinstalling or reconfiguring the client.

The sign out option is disabled by default. It must be enabled by setting the following registry key.

HKLM\Software\Microsoft\Global Secure Access Client\HideSignOutButton DWORD = 0

User Session Detection

Because the GSA client supports only a single interactive Windows session, this new indicator helps quickly identify unsupported multi-session scenarios that may impact client functionality or troubleshooting efforts.

Other Changes

In addition to the new features and capabilities outlined above, these changes are also included.

  • Updated embedded .NET Runtime to version 8.0.26.
  • GSA Forwarding Profile Service now automatically restarts after a failure.
  • Improved detection and tunneling of agentic network connections.
  • Various bug fixes and performance improvements.

Summary

GSA Client v2.31.125 introduces several useful enhancements focused on troubleshooting, resiliency, and user experience. Improved network status visibility, Intelligent Local Access awareness, account sign-out support, and enhanced session detection provide administrators with better diagnostic capabilities while making the client easier for end users to understand and manage. Although this release remains in preview, administrators are encouraged to begin testing this latest release soon.

Additional Information

Microsoft Entra Global Secure Access (GSA) Client v2.31.125

Microsoft Entra Private Access Intelligent Local Access

Leave a comment
by Richard M. Hicks on June 4, 2026  •  Permalink
Posted in administration, Azure Active Directory, Azure AD, Azure AD Join, cloud, Cloud Service, Deployment, Device Management, Enterprise, enterprise mobility, Entra, Entra Global Secure Access, Entra ID, Entra Internet Access, Entra Private Access, Global Secure Access, GSA, Hybrid Azure AD Join, Hybrid Entra ID Join, Hybrid Entra Join, ILA, Intelligent Local Access, Microsoft, Microsoft Entra, Microsoft Entra Global Secure Access, Microsoft Entra ID, Microsoft Entra Internet Access, Microsoft Entra Private Access, Mobility, Operational Support, Remote Access, SASE, Secure Access Service Edge, Security, Security Service Edge, Windows 10, Windows 11, Zero Trust, Zero Trust Network Access, ZTNA
Tagged , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 4, 2026

https://directaccess.richardhicks.com/2026/06/04/whats-new-in-entra-global-secure-access-client-v2-31-125/

Entra Private Access and Bring Your Own Device (BYOD)

Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) solution that provides secure access to private enterprise resources. With the release of Global Secure Access (GSA) client version 2.26.108, Microsoft has addressed a crucial functionality gap by adding support for Bring Your Own Device (BYOD), enabling secure access from non-managed endpoints.

BYOD Support in Global Secure Access

Microsoft introduced BYOD support for Entra Private Access with the release of the GSA client version 2.26.108. This update allows the GSA client to be installed on Microsoft Entra-registered devices that are not domain-joined or managed by the organization, enabling secure access to private resources from personal or unmanaged endpoints.

Use Cases

BYOD support in GSA and Entra Private Access enables several common scenarios where network access from managed devices is impractical or unavailable, including:

  • Vendor or contractor access
  • IT incident response from unmanaged endpoints
  • Temporary or seasonal staffing
  • Collaboration with external partners

Replacing Legacy VPN for Ad Hoc Access

Historically, legacy VPN solutions were the primary option for providing ad hoc access to private resources from unmanaged devices. With the introduction of BYOD support in the GSA client, organizations can now extend Entra Private Access to these scenarios without deploying or maintaining a separate VPN infrastructure.

Additional Changes

In addition to adding BYOD support, GSA client v2.26.108 includes the following new enhancements.

  • Improved Intelligent Local Access (ILA) detection
  • Join Type displayed in the client interface
  • GSA traceroute enhancements, including a 50M MB speed test between the client and edge service.

Summary

BYOD support removes a key barrier to adopting Microsoft Entra Private Access. Organizations can now securely provide access to private resources using Zero Trust policies, even when users connect from unmanaged or personal devices, and without relying on legacy VPN solutions.

Additional Information

Microsoft Entra Private Access Bring Your Own Device (BYOD)

Microsoft Global Secure Access Client for Windows v2.26.108

Microsoft Entra Private Access Intelligent Local Access

Always On VPN vs. Entra Private Access

Leave a comment
by Richard M. Hicks on February 10, 2026  •  Permalink
Posted in authentication, Azure Active Directory, Azure AD, Azure AD Join, Azure Conditional Access, cloud, Cloud Service, Conditional Access, Enterprise, enterprise mobility, Entra Conditional Access, Entra Global Secure Access, Entra Private Access, Global Secure Access, GSA, ILA, Intelligent Local Access, Microsoft, Microsoft Entra, Microsoft Entra Global Secure Access, Microsoft Entra ID, Microsoft Entra Private Access, Mobility, Private Network Connector, public cloud, Remote Access, Secure Service Edge, Security, Security Service Edge, VPN, Windows 10, Windows 11, Zero Trust, Zero Trust Network Access, ZTNA
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 10, 2026

https://directaccess.richardhicks.com/2026/02/10/entra-private-access-and-bring-your-own-device-byod/

« Older Posts