Microsoft Security Service Edge Now Generally Available

A few weeks ago, Microsoft announced the general availability of its Security Service Edge (SSE) offering, Global Secure Access (GSA). GSA encompasses Entra Internet Access, a cloud-based Secure Web Gateway, and Entra Private Access, a Zero Trust Network Access (ZTNA) solution for accessing private data and applications on-premises.

ZTNA vs. VPN

Entra Private Access will be a compelling alternative to traditional VPN solutions such as Windows Always On VPN. Where traditional VPNs grant the endpoint an IP address on the internal network, Entra Private Access provides more granular access and does not require the device to be directly connected to the network.

GSA Client

Administrators must install the GSA client on all endpoints using Entra Internet Access or Entra Private Access. Today, the client is available for Windows and Android devices. iOS and macOS clients are forthcoming.

Private Network Connector

The Entra Private Access solution relies on the Entra Private Network Connector. The Entra Private Network Connector is a software component installed on-premises that provides remote access connectivity. Previously, it was called the Azure AD Application Proxy. Essentially, it is the same technology extended to support TCP and UDP network access in addition to HTTP.

Limitations

Entra Private Access is the way of the future for secure remote access. However, today, there are still some important limitations associated with this technology.

Private DNS

Although Microsoft announced general availability for Entra Private Access, it still lacks the private DNS feature many organizations require to provide feature parity with their existing VPN. This feature is still in private preview at the time of this writing. Hopefully, Microsoft will release this feature soon.

Device Connection

Entra Private Access does not support device-based connections. This limits its capabilities for domain-joined devices. If your organization uses hybrid Entra join today, consider sticking with Always On VPN until you move to native Entra joined endpoints.

Licensing

Global Secure Access (Entra Private Access and Entra Internet Access) is included in the Microsoft Entra Suite license. More information about Entra licensing can be found here.

Additional Information

Microsoft Global Secure Access Now Generally Available

Microsoft Entra Global Secure Access (GSA) Overview

Microsoft Entra Security Service Edge (SSE) on the RunAs Radio Podcast

Microsoft Entra Plans & Pricing

Workplace Ninja Summit Switzerland 2024

I’m excited to announce that I’ll be presenting at the upcoming Workplace Ninja Summit in beautiful Lucerne, Switzerland. The event takes place from September 16-19, 2024, and covers topics such as Microsoft Intune, System Center Configuration Manager (SCCM), Entra, PowerShell, Azure Virtual Desktop (AVD), Windows 365, and more.

My Sessions

I will be delivering two talks at this year’s conference.

  • Simplified Certificate Management with Cloud PKI for Microsoft Intune
  • Strong Authentication with Entra Certificate-Based Authentication

I will provide links to the sessions with dates and times when they are available.

Let’s Connect!

Will you be attending the conference? Let’s get together! Drop me a note on X or LinkedIn, or fill out the form below, and we’ll discuss anything you’d like. Hope to see you there!

Cloud PKI for Microsoft Intune on RunAs Radio

Recently, I joined my good friend Richard Campbell on his popular RunAs Radio podcast. In this episode, we discussed Microsoft’s new Cloud PKI for Intune service. Cloud PKI for Intune is a PKI-as-a-service solution that allows organizations to issue and manage digital certificates without deploying on-premises infrastructure. Optionally, Cloud PKI for Intune supports integration with an existing on-premises PKI. Cloud PKI for Intune isn’t without a few drawbacks, though. We discuss all the benefits and limitations during this podcast, so be sure to listen!

Additional Information

Cloud PKI for Microsoft Intune on RunAs Radio Episode 943

Overview of Cloud PKI for Microsoft Intune

Cloud PKI for Microsoft Intune and Active Directory

Cloud PKI for Microsoft Intune SCEP URL

Cloud PKI for Microsoft Intune and Certificate Templates