Microsoft Entra Security Service Edge with Richard Hicks
Nov 15, 2023
Richard Hicks, VPN guru, discusses Microsoft Entra Security Service Edge. Topics include Azure Conditional Access, Entra Application Proxy, and the future of Entra and Conditional Access.
Entra Global Secure Access provides identity-centric and context-based authentication for Microsoft 365, internet access, and on-premises applications.
Entra Private Access offers a secure and granular remote access solution without the need for complex VPN setups.
Deep dives
Introducing Microsoft Entra Security Service Edge
Microsoft has rebranded Azure AD as Entra ID and introduced new security capabilities known as Entra Global Secure Access. This move aligns with the shift towards zero trust network access models. Entra Global Secure Access comprises three pillars: Microsoft 365 access, internet access, and private access. All these solutions are identity-centric and focus on strong authentication and Conditional Access. With Entra ID, organizations can apply Azure Conditional Access policies to Microsoft 365, internet access, and on-premises applications, ensuring secure and context-based authentication.
Replacing Legacy VPNs with Entra Private Access
Entra Private Access is a tool within the Entra ID suite that allows organizations to securely access on-premises resources without the need for a traditional VPN infrastructure. By extending the capabilities of the Azure AD Application Proxy connector, Entra Private Access enables TCP- and UDP-based applications to be accessed securely over the internet. It supports strong authentication through Azure Conditional Access and provides granular control and authorization for legacy protocols like RDP and SMB. Although still in public preview, Entra Private Access is expected to offer a comprehensive remote access solution without the need for complex VPN setups.
Benefits of Conditional Access with Entra ID
Conditional Access is a key feature of Entra ID, providing contextual and continuous evaluation of access requests. By leveraging strong authentication factors and Azure Conditional Access policies, organizations can enforce granular access controls for various resources, including Microsoft 365, TCP/UDP-based applications, and on-premises data. Contextual evaluations consider factors like time, location, and behavior to dynamically adapt access requirements. Conditional Access offers a more modern and robust approach to secure remote access, reducing the risk of unauthorized access and enabling organizations to adopt a zero trust network access model.
Considerations and Future Outlook
While Entra ID and Entra Private Access offer compelling security and remote access capabilities, it is important to note that these solutions are still in the early stages of development. Entra Private Access currently requires a software agent to be installed on client machines. However, Microsoft plans to integrate client-side components into future operating systems. It is also important to carefully configure and monitor Conditional Access policies to ensure they align with security requirements and avoid potential vulnerabilities. Overall, as Entra ID evolves and matures, it has the potential to transform remote access and identity-centric security for organizations.
So, what's Microsoft Entra all about? Richard chats with VPN guru Richard Hicks about his experiences with Microsoft Entra. More than just a new name for Azure Active Directory, Entra includes essential tooling to provide secure access to all sorts of services - and not only Microsoft ones! Richard talks about how Azure Conditional Access can be applied across all types of Microsoft products and how, with Entra Application Proxy, you can access your internal services and servers. Many of the capabilities are in preview now - but the future looks bright for Entra and Conditional Access!