Hi,
Here is the list of issues that need MS to help think about how to solve them. All of these issues have been raised to MS, who witnessed them.
This is my suggestion:
1) There is a conflict on the WCF (which is part of GSA): if I'm using GSA as a proxy and the user disables it, then WCF protection won't apply. Hence GSA as an Internet proxy is useless.
2) WHY are users allowed to disable the GSA if it's a proxy? MS should implement an Exit Code on the system tray, and the code will be shared by the admin to disable the agent if the user encounters issues, on an exception basis, or the admin can directly disable it temporarily for the user from the GSA console page.
3) After GSA is installed, users are impacted with token authentication errors on Outlook and Teams (confirmed by MS after we reproduced it).
4) MS should consider removing the WCF if you don't want to implement an exit code (this is dangerous for security, as users can bypass the proxy). A lot of work needs to be done if MS wants to consider GSA Internet Access as a proxy!! Please look at how the Check Point Perimeter 81 proxy is done.
5) If you are going to remove the WCF, then improve the WCF so that you are able to add wildcard/domain/FQDN etc.
6) If you are not going to remove the WCF, then create 2 exit codes (1st exit code for GSA (Internet proxy), 2nd exit code for Private Access) at the system tray.
7) GSA policies should be downloaded to the devices or be part of the agent, so that remote users will have the policy enforced all the time when they go home.
https://feedback.azure.com/d365community/idea/fe6a96b8-d07e-ef11-a4e5-000d3a01397d