Microsoft Entra Global Secure Access is a new Security Service Edge (SSE) solution included with the Microsoft Entra suite of technologies. Global Secure Access comprises two secure remote access technologies – Microsoft Entra Internet Access and Microsoft Entra Private Access. The latter of these will be of particular interest to Microsoft Always On VPN administrators in certain deployment scenarios.
Microsoft Entra Internet Access
Microsoft Entra Internet Access is a new Secure Web Gateway (SWG) cloud service solution designed to protect users from threats on the public Internet. Features include web content filtering, malware inspection, TLS inspection, and more. In addition, Entra Internet Access can protect Microsoft 365 applications. Entra Conditional Access policies can be enforced for Internet traffic. Network conditions are now included with Entra Conditional Access, which can further protect against attacks by requiring access from specific trusted or compliant networks.
Microsoft Entra Private Access
Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) cloud service solution from Microsoft. It leverages the Entra Private Network Connector (formerly Azure App Proxy), allowing administrators to easily publish private, on-premises applications by installing the connector on an on-premises server. Administrators can leverage Entra ID authentication and conditional access policies to ensure device compliance or enforce multifactor authentication (MFA), if required. Microsoft Entra Private Access extends the capabilities of the Azure Application Proxy to support TCP and UDP-based applications.
Private Access vs. Always On VPN
Entra Private Access is a compelling alternative to Always On VPN. Specifically, organizations that use native Entra-joined devices could benefit tremendously from this technology. Entra Private Access is much simpler to implement than Always On VPN and requires no on-premises infrastructure other than the Entra Private Network connector. Using Entra Private Access also means that no inbound access from the Internet is required, making the solution inherently more secure and reducing the public attack surface. For organizations using hybrid Entra join, Always On VPN remains the best Microsoft solution for these scenarios.
References
Microsoft Entra Expands into Security Service Edge (SSE)
Microsoft Entra – Secure Access for a Connected World
Microsoft Entra Internet Access Preview
Microsoft Entra Private Access Preview
What is Zero Trust Network Access?
What is Security Service Edge (SSE)?
What is Secure Access Service Edge (SASE)?
What’s the Difference Between SSE and SASE?
Contact Us
Microsoft Entra Internet Access and Private Access are powerful new solutions for achieving true Zero Trust remote access. I’ve been deeply testing and working with both technologies. If you’d like to learn how they work, their real-world benefits, deployment considerations, and whether they’re a good fit for your organization, fill out the short form below. I’ll personally follow up with detailed insights and answer your questions.
