Sign up to save your podcasts
Or
Share Identity-Centric Network Security: Entra Global Secure Access Architecture & Benefits
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Identity-Centric Network Security: Entra Global Secure Access Architecture & Benefits
Is the traditional VPN dead? In the latest episode of Entra Chat, we dive deep Microsoft Entra Global Secure Access (GSA).Joined by Karen Simmel from the GSA product team and Thomas from the Entra CXE Architecture team, we explore how Microsoft is bridging the gap between identity and network security.The Shift from VPN to SASEThe "good old days" of spinning up firewalls and DMZs are fading. Traditional controls are often too coarse-grained and lack identity awareness. As Thomas explains, the COVID-19 pandemic accelerated the need for change when traditional VPN gateways physically couldn't handle the load of remote workforces.This has paved the way for SASE (Secure Access Service Edge) and SSE (Security Service Edge), which move security controls to the cloud at hyperscale.What is Global Secure Access?The team breaks down the confusing terminology to help you understand the core products:* Microsoft Entra Private Access: This is the ZTNA (Zero Trust Network Access) solution, replacing the classic VPN for accessing on-prem and private resources.* Microsoft Entra Internet Access: This acts as a Secure Web Gateway (SWG), protecting outbound access to SaaS apps and the internet with URL filtering and DLP controls.* Microsoft Entra Suite: A bundle that combines these network capabilities with Verified ID, Identity Governance, and Identity Protection for a comprehensive solution.The "Secret Sauce"Why choose Microsoft's solution? The differentiator is that GSA isn't just integrated with the Identity Provider (IdP)βit *is* part of the IdP.This deep integration allows for near real-time security. For example, if a user's device is compromised, the SOC team can revoke the token, and Entra can immediately terminate the network tunnel or prompt for step-up authentication. It brings the power of Conditional Access directly to network traffic.Better Performance, Better PrivacyContrary to the belief that security slows things down, GSA often improves performance. By leveraging Microsoft's massive global private fiber network, traffic is intelligently routed to the closest point of presence rather than being backhauled to a headquarters.From a privacy standpoint, admins have granular control. You decide what traffic is tunneled and inspected, ensuring you can meet compliance requirements (like those in the EU) without over-monitoring employee activity.Ready to Deploy?Deployment doesn't have to take months. Some customers are getting up and running with a Proof of Concept (PoC) in a single day. Whether you use the client-based agent or need client-less access for contractors, Microsoft provides detailed deployment plans to guide you.
Subscribe with your favorite podcast player or watch on YouTube π
About the Guests
Keren SemelKeren leads visibility and data insights for the Global Secure Access product group. Based in Tel Aviv, she brings deep experience from the SASE/SSE market to Microsoft.
LinkedIn: https://www.linkedin.com/in/keren-semel-4876383/Thomas Detzner Thomas is a lead architect in the Entra CxE team, specializing in Global Secure Access and Zero Trust. A former network engineer based near Munich, he helps organizations bridge the gap between traditional networking and modern identity security.
LinkedIn: https://www.linkedin.com/in/thomasdetzner/
π Related Links
* Microsoft Global Secure Access Documentation - https://learn.microsoft.com/en-us/entra/global-secure-access/
* Zero Trust Workshop - https://aka.ms/ztworkshop
π Chapters
00:00 Intro
05:17 The Limitations of Legacy VPNs
12:49 SASE vs SSE vs ZTNA Explained
21:26 The Identity-Network Secret Sauce
29:42 Unpacking Entra Suite
33:20 Microsoftβs Global Network Architecture
38:19 Client and Clientless Connectivity
41:26 Deployment and POC Process
45:31 Migrating from Zscaler to GSA
47:15 Privacy and Compliance Controls
Podcast Apps
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merillβs socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
𧡠Threads β threads.net/@merillf
π€ GitHub β github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
View all episodes
By Merill Fernando
5
44 ratings
Is the traditional VPN dead? In the latest episode of Entra Chat, we dive deep Microsoft Entra Global Secure Access (GSA).Joined by Karen Simmel from the GSA product team and Thomas from the Entra CXE Architecture team, we explore how Microsoft is bridging the gap between identity and network security.The Shift from VPN to SASEThe "good old days" of spinning up firewalls and DMZs are fading. Traditional controls are often too coarse-grained and lack identity awareness. As Thomas explains, the COVID-19 pandemic accelerated the need for change when traditional VPN gateways physically couldn't handle the load of remote workforces.This has paved the way for SASE (Secure Access Service Edge) and SSE (Security Service Edge), which move security controls to the cloud at hyperscale.What is Global Secure Access?The team breaks down the confusing terminology to help you understand the core products:* Microsoft Entra Private Access: This is the ZTNA (Zero Trust Network Access) solution, replacing the classic VPN for accessing on-prem and private resources.* Microsoft Entra Internet Access: This acts as a Secure Web Gateway (SWG), protecting outbound access to SaaS apps and the internet with URL filtering and DLP controls.* Microsoft Entra Suite: A bundle that combines these network capabilities with Verified ID, Identity Governance, and Identity Protection for a comprehensive solution.The "Secret Sauce"Why choose Microsoft's solution? The differentiator is that GSA isn't just integrated with the Identity Provider (IdP)βit *is* part of the IdP.This deep integration allows for near real-time security. For example, if a user's device is compromised, the SOC team can revoke the token, and Entra can immediately terminate the network tunnel or prompt for step-up authentication. It brings the power of Conditional Access directly to network traffic.Better Performance, Better PrivacyContrary to the belief that security slows things down, GSA often improves performance. By leveraging Microsoft's massive global private fiber network, traffic is intelligently routed to the closest point of presence rather than being backhauled to a headquarters.From a privacy standpoint, admins have granular control. You decide what traffic is tunneled and inspected, ensuring you can meet compliance requirements (like those in the EU) without over-monitoring employee activity.Ready to Deploy?Deployment doesn't have to take months. Some customers are getting up and running with a Proof of Concept (PoC) in a single day. Whether you use the client-based agent or need client-less access for contractors, Microsoft provides detailed deployment plans to guide you.
Subscribe with your favorite podcast player or watch on YouTube π
About the Guests
Keren SemelKeren leads visibility and data insights for the Global Secure Access product group. Based in Tel Aviv, she brings deep experience from the SASE/SSE market to Microsoft.
LinkedIn: https://www.linkedin.com/in/keren-semel-4876383/Thomas Detzner Thomas is a lead architect in the Entra CxE team, specializing in Global Secure Access and Zero Trust. A former network engineer based near Munich, he helps organizations bridge the gap between traditional networking and modern identity security.
LinkedIn: https://www.linkedin.com/in/thomasdetzner/
π Related Links
* Microsoft Global Secure Access Documentation - https://learn.microsoft.com/en-us/entra/global-secure-access/
* Zero Trust Workshop - https://aka.ms/ztworkshop
π Chapters
00:00 Intro
05:17 The Limitations of Legacy VPNs
12:49 SASE vs SSE vs ZTNA Explained
21:26 The Identity-Network Secret Sauce
29:42 Unpacking Entra Suite
33:20 Microsoftβs Global Network Architecture
38:19 Client and Clientless Connectivity
41:26 Deployment and POC Process
45:31 Migrating from Zscaler to GSA
47:15 Privacy and Compliance Controls
Podcast Apps
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merillβs socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
𧡠Threads β threads.net/@merillf
π€ GitHub β github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More shows like Entra.Chat
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
The Amp Hour Electronics Podcast
231 Listeners
CyberWire Daily
1,020 Listeners
Microsoft Cloud IT Pro Podcast
62 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Practical 365 Podcast - Microsoft 365, Copilot & Cybersecurity News & Discussions
9 Listeners
The Azure Security Podcast
25 Listeners
Cyber Security Headlines
139 Listeners
Blue Security
15 Listeners
Risky Bulletin
44 Listeners