Facebook Twitter Linkedin
Book Consultation
Facebook
Twitter
LinkedIn

Entra · Security

Microsoft Entra Internet Access – Gsa

Since the HUSMUG event at Microsoft office in Houston, Texas, and the fantastic information about securing Internet access was shared among us by Camila Martins.

I was waiting to see this option available on my tenant, but this week, I noticed Global Secure Access is under (preview), so I want to give it a shot and test it.

Global Secure Access is a new Microsoft Entra to secure both Internet access; it uses both Microsoft Entra Inter access and Private Access like Microsoft Defender for Cloud, which you can use to secure SaaS and other Cloud Apps. Entra Internet Access or (EIA) is used to protect Users and devices while using Internet regardless of the location at the office or home, while Entra Private Access (EPA) works while the user working from home and tries to access work resources.

  • On my test I worked on EIA, let us start:-
  1. Login to Entra Admin Center, then scroll down until you see the new option Global Secure Access (preview)

2. Check the profile you want to select, I created Internet Access for this test from Entra Admin Center> Secure> Security Profiles.

in this profile I set the policy to block all unrelated sites to the work, like social media, shopping, etc. I left Government site access available.

The priority starts from 100 is the highest, 65000 is the lowest. Also, ensure the State is “Enabled”

3. Now let us navigate in Entra to Connect > Cleitn download, then install it on your test device, I used Windows client while you can pick MacOS, iOS, or Android.

When you install the client, ensure to login to it, if you see a Red x please restart your device then log back in and ensure under overview you can see your Name, Tenant, etc. also check the health check and forwarding profile as well will help with your Entra Traffic logs (you will see that later).

4. Now let us create Conditional Access:-

I created a policy named it “GSA Test” and targeted all users and excluded the Admins

Then for policy I selected Global Secure Access(preview), and profile I selected both Microsoft 365 and Internet Traffic.

I added some conditions like platform “Windows”, for Grant I selected Block Access, but these options not related to this topic you can leave them.

The final step for Conditional Access is the session ensure to select the new option ” Use Global Secure Access Security Profile” (that you created early)

Now we step up all, let us try to login to the Windows device and use Edge browser and test it,

I tried to go to Amazon, Facebook, and Government website , you can see successfully Amazon and Facebook are blocked while SBA site it fine because early we selected social media and shopping to block them, and grant access to Gov. website.

Finally, you check all traffic from Entra> Monitor> Traffic logs

you can add filter to see only blocked websites, by using “Add Filter” “Action” “Block”

Happy Weekend, and Happy New Year!

Resources:

What is Global Secure Access (preview)? – Global Secure Access | Microsoft Learn

Learn about the Global Secure Access clients for Microsoft Entra Private Access and Microsoft Entra Internet Access – Global Secure Access | Microsoft Learn

Learn about Microsoft Entra Internet Access – Global Secure Access | Microsoft Learn

Leave a Reply

Your email address will not be published. Required fields are marked *

International Growth & Expansion

Quick Links

Home
About
Blog
Contact

Our Services

Contact Us

Facebook Twitter Linkedin

Copyright © 2024. All Rights Reserved.