S
Sinead O'Donovan
Today, we announced the general availability of the Microsoft Entra Suite which brings together identity and network access controls to secure access to any cloud or on-premises application or resource from any location. It consistently enforces least privilege access to achieve your governance requirements while improving your employee experience.
Companies today have good reason to focus on security. On one hand, we’re reaping the advantages of increased scalability, efficiency, and cost reductions, including all the benefits gained from generative AI’s large language models. However, these advantages also make it possible for malicious actors to exploit advanced technologies to create malware, target network vulnerabilities, and generate phishing attacks that put organizations’ data and reputations at higher risk.
When identity and network access solutions operate in isolation and not in tandem, they can lead to increased complexity, inconsistent policies, and a lack of unified context across standalone solutions. This can unintentionally result in a fragmented security posture and vulnerabilities that malicious actors could exploit, potentially disrupting business continuity and compromising the user experience.
Neither identity nor network security controls alone can protect all your access scenarios, highlighting the need for you to adopt a holistic strategy to counteract evolving threats and protect your critical assets—no matter where the users and resources are located.
Along with the Microsoft Entra Suite general availability, we also announced Microsoft’s Security Service Edge (SSE) solution general availability, Microsoft Entra Private Access and Microsoft Entra Internet Access. These two products coupled with our SaaS security-focused CASB—Microsoft Defender for Cloud apps—comprise Microsoft's Security Service Edge solution, a cloud-delivered, identity-centric networking model that transforms the way you secure access.
Microsoft’s SSE solution is all about helping you eliminate security gaps in your defenses, extending Conditional Access and continuous access evaluation to all your applications and resources, whether they’re on-premises or in any cloud.
Figure 1: Secure access to any app or resource, from anywhere, with an identity-centric Security Service Edge (SSE) solution.
Here, in more detail, are the key advantages of Microsoft’s SSE solution to your organization.
Eliminate security loopholes caused by identity and network access silos
Microsoft’s SSE Solution ensures that your identity and network access solutions work together. By unifying these separate elements, your security teams can bolster your organization’s security stance in the face of emerging threats. No more deciding which tool works for each app or how to bridge the policies your identity and network teams created. Now you can secure access with an easy-to-manage, unified, identity-centric approach to any application, resource, or destination—and not sacrifice user productivity due to complex, disjointed security controls.
Simplify access and improve end user experience at a global scale
Microsoft’s SSE solution is delivered from one of the largest global private networks: Microsoft’s Global Wide Area Network. The network connects Microsoft data centers across 61 Azure regions with more than 185 global network POPs and a vast array of growing SSE edge locations strategically placed around the world. This helps you optimally connect your users and devices to public and private resources seamlessly and securely, improving performance and boosting productivity by offering your people a fast, consistent, hybrid work experience.
Activate side-by-side, flexible deployment options with other SSE and networking solutions
Microsoft Entra Private Access and Microsoft Entra Internet Access can be deployed standalone or side-by-side with other SSE solutions. Global Secure Access client allows control over network traffic at the user endpoint device, giving you the ability to route specific traffic profiles through Microsoft’s SSE solution. The client for Windows and Android operating systems are now in general availability, and for iOS and Mac operating systems, in public preview. With flexible deployment options, the Global Secure Access client could acquire traffic based on the traffic forwarding profiles you configure for Private Access, Internet Access, and Microsoft traffic.
For example, you can configure Private Access profiles anywhere you replace your third-party legacy VPNs—with an identity-centric Zero Trust Network Access (ZTNA) solution. You can also configure your Microsoft profile to enable improved performance for Microsoft applications, while you keep your private and internet traffic protected with the SSE solution of your choice.
Microsoft Entra Private Access is an identity-centric ZTNA solution that helps you secure access to all private apps and resources for your users—located anywhere. Private Access allows you to replace your legacy VPN with ZTNA to securely connect your users to any private resource and application—without providing full network access to all private resources. This solution embraces Zero Trust principles to protect against cyber threats and to mitigate lateral movement, while enforcing advanced app segmentation and adaptive least-privilege access policies. Using Microsoft’s global private network, you can give your users a fast, seamless access experience that balances security with productivity.
Figure 2: Secure access to all private apps and resources, for users anywhere, with an identity-centric Zero Trust Network Access (ZTNA).
Here, in more detail, are the key use cases of Microsoft Entra Private Access.
Replace legacy VPNs with an identity-centric ZTNA solution
With Microsoft Entra Private Access, easily start retiring your legacy VPN and level up to an identity-centric ZTNA solution that helps you reduce your attack surface, mitigate lateral threat movement, and remove unnecessary operational complexity for your IT teams. Unlike traditional VPNs, Microsoft Entra Private Access protects access by granting least privilege access to your network for all your hybrid users— whether they are remote or local—and, accessing any legacy, custom, modern, or private apps that are on-premises or on any cloud.
Enforce Conditional Access across all private resources
To enhance your security posture and minimize the attack surface, it’s crucial to implement robust Conditional Access controls—without making any changes to your private applications and resources such as multifactor authentication (MFA). You can also seamlessly enable single sign-on (SSO) across all private resources and applications, including legacy or proprietary applications that may not support modern authorization.
Deliver fast and easy access at global scale
Enhance your workforce’s productivity by leveraging Microsoft’s vast global edge presence, providing fast and easy access to private apps and resources, whether on-premises or on private data centers, and across any cloud. Users benefit from optimized traffic routing through the closest worldwide points-of-presence (POP), reducing latency for a consistently swift hybrid work experience.
Microsoft Entra Internet Access is an identity-centric Secure Web Gateway (SWG) for SaaS apps and internet traffic. It’s the industry’s first truly identity-centric SWG solution capable of converging all enterprise access controls in one place. This advantage eliminates the security loopholes created by using multiple security solutions, while it also protects your enterprise from malicious internet traffic, unsafe or non-compliant content, and other threats from the open internet. Working alongside Microsoft Entra Private Access and the rest of the Microsoft Entra identity stack, it unifies your access policies across all internet resources and SaaS apps.
Figure 3: Secure access to all internet and SaaS apps and resources with an identity-centric Secure Web Gateway (SWG).
Protect your organization against internet threats
Microsoft Entra Internet Access provides robust web content filtering options to restrict enterprise users from accessing undesirable online content. With web category filtering, you can easily allow or block a vast range of internet destinations based on pre-populated web categories, which include liability, high bandwidth, productivity loss, general browsing, and security threat (malware, compromised websites, spam sites, etc.) sites. For more granular control, you can use fully qualified domain name (FQDN) filtering to establish policies that allow or block specific endpoints or to override general web category policies effortlessly.
Extend Conditional Access context richness to internet security
Modern businesses require versatile filtering policies that adjust to different scenarios. Microsoft Entra Internet Access gives you the ability to apply Conditional Access controls to your SWG policies leveraging the user, device, risk, and location signals to allow or block access to relevant internet destinations. Internet Access consolidates network and identity access controls into one policy engine and allows you to extend Conditional Access (and in future Continuous Access Evaluation) to cover all external destinations and cloud services, even those not federated with Microsoft Entra ID. Additionally, our deep integrations with Entra ID include valuable features like token theft protection, source IP restoration, and data exfiltration safeguards through Universal Tenant Restriction.
Deliver fast and consistent access at global scale
Enhance your users' productivity by providing swift and smooth access through a global network edge, with POPs located near the user and private WAN. Utilize numerous peering agreements with internet providers to deliver top performance and reliability. Minimize additional hops and streamline traffic routing for all Microsoft services. Implement optimal traffic management for Microsoft applications in conjunction with solutions from third-party SSE providers using side-by-side access models.
Organizations need an easier, more agile approach to protect access to all their applications and resources. This action safeguards your critical assets no matter where they are located. Today’s general availability of our Microsoft Entra Internet and Private Access products—our Microsoft’s SSE solution—does just that. It makes it harder for bad actors to gain access to your sensitive data—even if they successfully infiltrate your network—by extending identity security controls and access governance to your network.
Now, you can benefit from a streamlined security environment where your users have access to only the necessary resources, simplifying their work. With Conditional Access, granular identity and network access policies are now unified, closing critical security gaps and reducing operational complexity. The global, private, wide area network provided by Microsoft ensures a seamless, efficient hybrid work experience. And integration with Microsoft’s extensive security portfolio and partner ecosystem supports the implementation of Zero Trust principles throughout the entire security landscape, enhancing your overall protection.
Be sure to register for the Zero Trust spotlight on July 31, 2024, where Microsoft experts and thought leaders will dive deeper into these announcements. Also, stay tuned for product deep dive blogs and our upcoming Tech Accelerator product deep dive sessions on Aug 14, 2024. We'll expand on how our SSE solution and its two core products, Microsoft Entra Private Access and Microsoft Entra Internet Access can uniquely and successfully provide a secure approach to access across your organization’s entire digital estate.
To get started, contact a Microsoft sales representative, begin a trial, and explore Microsoft Entra Private Access and Microsoft Entra Internet Access general availability. Share your feedback to help us make this solution even better.
Sinead O’Donovan
Vice President of Product Management, Identity and Network Access at Microsoft
Read more on this topic
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Continue reading...
Companies today have good reason to focus on security. On one hand, we’re reaping the advantages of increased scalability, efficiency, and cost reductions, including all the benefits gained from generative AI’s large language models. However, these advantages also make it possible for malicious actors to exploit advanced technologies to create malware, target network vulnerabilities, and generate phishing attacks that put organizations’ data and reputations at higher risk.
When identity and network access solutions operate in isolation and not in tandem, they can lead to increased complexity, inconsistent policies, and a lack of unified context across standalone solutions. This can unintentionally result in a fragmented security posture and vulnerabilities that malicious actors could exploit, potentially disrupting business continuity and compromising the user experience.
Neither identity nor network security controls alone can protect all your access scenarios, highlighting the need for you to adopt a holistic strategy to counteract evolving threats and protect your critical assets—no matter where the users and resources are located.
The case for unified security: A strategic imperative
Along with the Microsoft Entra Suite general availability, we also announced Microsoft’s Security Service Edge (SSE) solution general availability, Microsoft Entra Private Access and Microsoft Entra Internet Access. These two products coupled with our SaaS security-focused CASB—Microsoft Defender for Cloud apps—comprise Microsoft's Security Service Edge solution, a cloud-delivered, identity-centric networking model that transforms the way you secure access.
Microsoft’s SSE solution is all about helping you eliminate security gaps in your defenses, extending Conditional Access and continuous access evaluation to all your applications and resources, whether they’re on-premises or in any cloud.
Figure 1: Secure access to any app or resource, from anywhere, with an identity-centric Security Service Edge (SSE) solution.
Here, in more detail, are the key advantages of Microsoft’s SSE solution to your organization.
Eliminate security loopholes caused by identity and network access silos
Microsoft’s SSE Solution ensures that your identity and network access solutions work together. By unifying these separate elements, your security teams can bolster your organization’s security stance in the face of emerging threats. No more deciding which tool works for each app or how to bridge the policies your identity and network teams created. Now you can secure access with an easy-to-manage, unified, identity-centric approach to any application, resource, or destination—and not sacrifice user productivity due to complex, disjointed security controls.
Simplify access and improve end user experience at a global scale
Microsoft’s SSE solution is delivered from one of the largest global private networks: Microsoft’s Global Wide Area Network. The network connects Microsoft data centers across 61 Azure regions with more than 185 global network POPs and a vast array of growing SSE edge locations strategically placed around the world. This helps you optimally connect your users and devices to public and private resources seamlessly and securely, improving performance and boosting productivity by offering your people a fast, consistent, hybrid work experience.
Activate side-by-side, flexible deployment options with other SSE and networking solutions
Microsoft Entra Private Access and Microsoft Entra Internet Access can be deployed standalone or side-by-side with other SSE solutions. Global Secure Access client allows control over network traffic at the user endpoint device, giving you the ability to route specific traffic profiles through Microsoft’s SSE solution. The client for Windows and Android operating systems are now in general availability, and for iOS and Mac operating systems, in public preview. With flexible deployment options, the Global Secure Access client could acquire traffic based on the traffic forwarding profiles you configure for Private Access, Internet Access, and Microsoft traffic.
For example, you can configure Private Access profiles anywhere you replace your third-party legacy VPNs—with an identity-centric Zero Trust Network Access (ZTNA) solution. You can also configure your Microsoft profile to enable improved performance for Microsoft applications, while you keep your private and internet traffic protected with the SSE solution of your choice.
A closer look at Microsoft Entra Private Access
Microsoft Entra Private Access is an identity-centric ZTNA solution that helps you secure access to all private apps and resources for your users—located anywhere. Private Access allows you to replace your legacy VPN with ZTNA to securely connect your users to any private resource and application—without providing full network access to all private resources. This solution embraces Zero Trust principles to protect against cyber threats and to mitigate lateral movement, while enforcing advanced app segmentation and adaptive least-privilege access policies. Using Microsoft’s global private network, you can give your users a fast, seamless access experience that balances security with productivity.
Figure 2: Secure access to all private apps and resources, for users anywhere, with an identity-centric Zero Trust Network Access (ZTNA).
Here, in more detail, are the key use cases of Microsoft Entra Private Access.
Replace legacy VPNs with an identity-centric ZTNA solution
With Microsoft Entra Private Access, easily start retiring your legacy VPN and level up to an identity-centric ZTNA solution that helps you reduce your attack surface, mitigate lateral threat movement, and remove unnecessary operational complexity for your IT teams. Unlike traditional VPNs, Microsoft Entra Private Access protects access by granting least privilege access to your network for all your hybrid users— whether they are remote or local—and, accessing any legacy, custom, modern, or private apps that are on-premises or on any cloud.
Enforce Conditional Access across all private resources
To enhance your security posture and minimize the attack surface, it’s crucial to implement robust Conditional Access controls—without making any changes to your private applications and resources such as multifactor authentication (MFA). You can also seamlessly enable single sign-on (SSO) across all private resources and applications, including legacy or proprietary applications that may not support modern authorization.
Deliver fast and easy access at global scale
Enhance your workforce’s productivity by leveraging Microsoft’s vast global edge presence, providing fast and easy access to private apps and resources, whether on-premises or on private data centers, and across any cloud. Users benefit from optimized traffic routing through the closest worldwide points-of-presence (POP), reducing latency for a consistently swift hybrid work experience.
A closer look at Microsoft Entra Internet Access
Microsoft Entra Internet Access is an identity-centric Secure Web Gateway (SWG) for SaaS apps and internet traffic. It’s the industry’s first truly identity-centric SWG solution capable of converging all enterprise access controls in one place. This advantage eliminates the security loopholes created by using multiple security solutions, while it also protects your enterprise from malicious internet traffic, unsafe or non-compliant content, and other threats from the open internet. Working alongside Microsoft Entra Private Access and the rest of the Microsoft Entra identity stack, it unifies your access policies across all internet resources and SaaS apps.
Figure 3: Secure access to all internet and SaaS apps and resources with an identity-centric Secure Web Gateway (SWG).
Protect your organization against internet threats
Microsoft Entra Internet Access provides robust web content filtering options to restrict enterprise users from accessing undesirable online content. With web category filtering, you can easily allow or block a vast range of internet destinations based on pre-populated web categories, which include liability, high bandwidth, productivity loss, general browsing, and security threat (malware, compromised websites, spam sites, etc.) sites. For more granular control, you can use fully qualified domain name (FQDN) filtering to establish policies that allow or block specific endpoints or to override general web category policies effortlessly.
Extend Conditional Access context richness to internet security
Modern businesses require versatile filtering policies that adjust to different scenarios. Microsoft Entra Internet Access gives you the ability to apply Conditional Access controls to your SWG policies leveraging the user, device, risk, and location signals to allow or block access to relevant internet destinations. Internet Access consolidates network and identity access controls into one policy engine and allows you to extend Conditional Access (and in future Continuous Access Evaluation) to cover all external destinations and cloud services, even those not federated with Microsoft Entra ID. Additionally, our deep integrations with Entra ID include valuable features like token theft protection, source IP restoration, and data exfiltration safeguards through Universal Tenant Restriction.
Deliver fast and consistent access at global scale
Enhance your users' productivity by providing swift and smooth access through a global network edge, with POPs located near the user and private WAN. Utilize numerous peering agreements with internet providers to deliver top performance and reliability. Minimize additional hops and streamline traffic routing for all Microsoft services. Implement optimal traffic management for Microsoft applications in conjunction with solutions from third-party SSE providers using side-by-side access models.
Conclusion
Organizations need an easier, more agile approach to protect access to all their applications and resources. This action safeguards your critical assets no matter where they are located. Today’s general availability of our Microsoft Entra Internet and Private Access products—our Microsoft’s SSE solution—does just that. It makes it harder for bad actors to gain access to your sensitive data—even if they successfully infiltrate your network—by extending identity security controls and access governance to your network.
Now, you can benefit from a streamlined security environment where your users have access to only the necessary resources, simplifying their work. With Conditional Access, granular identity and network access policies are now unified, closing critical security gaps and reducing operational complexity. The global, private, wide area network provided by Microsoft ensures a seamless, efficient hybrid work experience. And integration with Microsoft’s extensive security portfolio and partner ecosystem supports the implementation of Zero Trust principles throughout the entire security landscape, enhancing your overall protection.
Be sure to register for the Zero Trust spotlight on July 31, 2024, where Microsoft experts and thought leaders will dive deeper into these announcements. Also, stay tuned for product deep dive blogs and our upcoming Tech Accelerator product deep dive sessions on Aug 14, 2024. We'll expand on how our SSE solution and its two core products, Microsoft Entra Private Access and Microsoft Entra Internet Access can uniquely and successfully provide a secure approach to access across your organization’s entire digital estate.
To get started, contact a Microsoft sales representative, begin a trial, and explore Microsoft Entra Private Access and Microsoft Entra Internet Access general availability. Share your feedback to help us make this solution even better.
Sinead O’Donovan
Vice President of Product Management, Identity and Network Access at Microsoft
Read more on this topic
- Microsoft Entra Internet Access
- Microsoft Entra Private Access
- Get started and try Entra suite products
- Simplify your Zero Trust strategy with the Microsoft Entra Suite and unified security operations platform, now generally available
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
- Microsoft Entra News and Insights | Microsoft Security Blog
- Microsoft Entra blog | Tech Community
- Microsoft Entra documentation | Microsoft Learn
- Microsoft Entra discussions | Microsoft Community
Continue reading...