Microsoft Security Service Edge Now Generally Available

A few weeks ago, Microsoft announced the general availability of its Security Service Edge (SSE) offering, Global Secure Access (GSA). GSA encompasses Entra Internet Access, a cloud-based Secure Web Gateway, and Entra Private Access, a Zero Trust Network Access (ZTNA) solution for accessing private data and applications on-premises.

ZTNA vs. VPN

Entra Private Access will be a compelling alternative to traditional VPN solutions such as Windows Always On VPN. Where traditional VPNs grant the endpoint an IP address on the internal network, Entra Private Access provides more granular access and does not require the device to be directly connected to the network.

GSA Client

Administrators must install the GSA client on all endpoints using Entra Internet Access or Entra Private Access. Today, the client is available for Windows and Android devices. iOS and macOS clients are forthcoming.

Private Network Connector

The Entra Private Access solution relies on the Entra Private Network Connector. The Entra Private Network Connector is a software component installed on-premises that provides remote access connectivity. Previously, it was called the Azure AD Application Proxy. Essentially, it is the same technology extended to support TCP and UDP network access in addition to HTTP.

Limitations

Entra Private Access is the way of the future for secure remote access. However, today, there are still some important limitations associated with this technology.

Private DNS

Although Microsoft announced general availability for Entra Private Access, it still lacks the private DNS feature many organizations require to provide feature parity with their existing VPN. This feature is still in private preview at the time of this writing. Hopefully, Microsoft will release this feature soon.

Device Connection

Entra Private Access does not support device-based connections. This limits its capabilities for domain-joined devices. If your organization uses hybrid Entra join today, consider sticking with Always On VPN until you move to native Entra joined endpoints.

Licensing

Global Secure Access (Entra Private Access and Entra Internet Access) are included in the Microsoft Entra Suite license. More information about Entra licensing can be found here.

Additional Information

Microsoft Global Secure Access Now Generally Available

Microsoft Entra Global Secure Access (GSA) Overview

Microsoft Entra Security Service Edge (SSE) on the RunAs Radio Podcast

Microsoft Entra Plans & Pricing

Microsoft Entra Security Service Edge (SSE) on RunAs Radio

I recently had the opportunity to join my good friend Richard Campbell on the RunAs Radio podcast. During this episode, we discussed the new Microsoft Entra Security Service Edge (SSE). This new service offering includes Entra Internet Access, a cloud-based secure web gateway, and Entra Private Access, an identity-centric zero-trust network access (ZTNA) solution. Entra Private Access is in public preview today. Entra Private Access is still in private preview at the time of this writing, however.

You can listen to RunAs Radio episode 906 here.

Enjoy!

What’s New in Absolute Secure Access v13

Recently I wrote about NetMotion Mobility’s acquisition by Absolute Software. Absolute Secure Access (formerly NetMotion Mobility) is an enterprise VPN and Zero Trust Network Access (ZTNA) solution that includes fine-grained policy enforcement to restrict network access based on a wide range of parameters, including IP address, protocol, port, application, time of day, location, and type of network (e.g., wired, Wi-Fi, wireless, etc.), available bandwidth, battery level, and more. It also includes integrated Network Access Control (NAC), which administrators can use to inform access policy decisions based on device security and configuration posture. Now, Absolute has created its first major release since the acquisition – Absolute Secure Access v13.

Secure Web Gateway

Absolute Secure Access is already the most comprehensive and compelling enterprise VPN and ZTNA solution available today. With the release of Absolute Secure Access v13, the solution now includes cloud-based Secure Web Gateway integration, providing administrators with increased visibility and control of web traffic outside the tunnel. Not all web traffic must flow through the secure web gateway. Administrators can use policy to selectively route web traffic through the secure web gateway to meet their requirements.

Enhanced Security

The secure web gateway feature of Absolute Secure Access v13 includes the following enhanced security features.

Web Filtering

The secure web gateway allows administrators to restrict access based on web category (e.g., gambling, malware sites, personal storage, etc.). Administrators can allow or deny access based on risk level or use the destination’s categorization to take policy action to restrict access further or require additional authentication.

TLS Inspection

The secure web gateway can terminate HTTPS (SSL/TLS) sessions to perform traffic inspection and granular content categorization based on the full URL. The TLS inspection certificate is added dynamically to the local computer certificate store.

Virus Scan

The secure web gateway performs malware and virus scans on web content and files, preventing users from downloading malicious software.

Remote Browser Isolation

Remote Browser Isolation (RBI) executes web browsing sessions on a remote, isolated system to prevent potential malware threats. It enhances security by ensuring malicious content is contained and executed away from the user’s device.

Content Disarm and Reconstruction

Content Disarm and Reconstruction (CDR) is a security feature that eliminates dynamic content from downloaded files and guards against zero-day vulnerabilities undetected by antivirus scans.

Data Loss Prevention

Data Loss Prevention (DLP) is designed to prevent sensitive or confidential data from being leaked, accessed, or shared inappropriately, ensuring data security and compliance with regulations.

Policy Enhancements

Absolute Secure Access policies now include actions that can be taken based on information from the secure web gateway. For example, if a user visits a risky category like Malware Sites, additional security features such as antivirus scan, CDR and DLP enforcement, and RBI can be enforced. In addition, administrators can now force reauthentication when users roam between networks.

Summary

Absolute Secure Access v13 significantly upgrades previous versions of Absolute Secure Access and NetMotion Mobility. The security enhancements associated with the new secure web gateway service will tremendously increase an organization’s security posture and eliminate the need for additional web security solutions. Absolute Secure Access has powerful security enforcement technologies with policy and NAC to ensure the highest level of security for today’s mobile workforce.

Learn More

Are you interested in learning more about Absolute Secure Access? Would you like a demonstration of this enterprise VPN and Zero-Trust Network Access solution? Fill out the form below, and we’ll provide more information.