In this video we give an overview of Microsoft Entra Security Service Edge (SSE), with a demo showing private access connectivity over RDP, SMB, and HTTP.
We start by looking at typical legacy network security approaches for office environments and cloud, and at why this change is needed to keep up with our flexible, modern ways of working, digital transformation, and the way we secure access.
This is where Microsoft have now introduced the Microsoft Entra Security Service Edge. This is in public preview right now and provides Microsoft Entra Internet Access and Microsoft Entra Private Access.
The Global Secure Access client is installed on the end device. It is an agent that can monitor and route network traffic over the Microsoft backbone and apply controls for internet and private access.
Entra Internet Access protects access to any public cloud app or SaaS. The Internet traffic can be managed through traffic profiles.
It protects against malicious and unsafe internet traffic, and you can block access for users or non-compliant devices using Conditional Access policies. We can also apply these policies at the network level. So basically, with Entra Internet Access we can secure access to all internet, SaaS, and Microsoft 365 apps.
This is all built on Entra ID features such as ID Protection and Conditional Access, which provide secure authentication, apply tenant restrictions, or detect risky signals and gather activity data, based on the principles of Zero Trust.
We then have Entra Private Access, which works using Application Proxy. Application Proxy has been around for a long time, and you may currently be using it to access private web apps. This solution has been enhanced for Zero Trust, so we can secure access to any private resource, port or protocol.
We install the Application Proxy connector on a server; connectors must be installed on a Windows Server that has access to the backend application. The Application Proxy connector doesn't require you to open inbound connections through your firewall, and it proxies the connection.
Then we can create an Azure enterprise app to gain access to our private workloads and apps over the internet. The application can be located anywhere, on-premises or in the cloud.
Microsoft Entra Security Service Edge
Microsoft Entra Expands into Security Service Edge