Event banner
Event details
80 Comments
- Are there plans to support Entra registered devices with the Global Secure Access Client?
tdetznerMicrosoft
We are looking into it. Currently, it is not supported. More details here: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-install-windows-client
- When will we be able to group CA's to allow delegation to different groups rather than having to use an admin role which grants access to all of them?
- Jeevan_BishtYou can look at this functionality via Entra ID Governance, define Groups Management with a Restricted Roles like Group or User Administrator and https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups There are additional options in the platform like Administrative Units that could potentially help.
- We are using MS 365 for all our users and utilizing best practices for most of the services, all our services are hosted services. Ex. 1) We are utilizing Defender for Endpoint to protect the machines and protect internet access (Content filtering) 2) Users can only access their cloud services only if the device is compliant So what are the advantages that Microsoft Entra Suite can add to our Org if we decide to use it ?
- Jeevan_Bisht
There are multiple uses cases I would recommend looking at https://aka.ms/InternetAccess and https://aka.ms/PrivateAccess . In a nutshell you are looking at Modern SWG and ZTNA Capabilities for all applications. Your existing configuration can act as Defense in Depth for those scenarios.
- Hello everyone! My question is, When I'm using conditional access, there's a way to limit existing guests in the tenant to prevent accessing to OneDrive User account that's part of the organization?
- Jeevan_BishtYou can protect your Enterprise Data using https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-universal-tenant-restrictions
- The Entra Suite cost summary showed a Verified ID Premium tier for 2$pupm - does this refer to "High assurance entitlement management with ID Governance" or are there additional features covered by this?
- AmelieDarchicourtThe premium capability with Verified ID is Face Check, our facial-matching identity verification capability.
- Thanks for confirming the suite is an add-on to P1. I assume like everything is charged not based on the number of provisioned users, but the MAU
- Janice_RickettsYou can find details on licensing here: Entra Suite: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing
- What are the limitations (and benefits), if the client has a mix of M365 licensing with business standard, business premium, and E3?
- Janice_RickettsYou can find details on licensing here: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing
- Dear Team, with transition from AzureAD to EntraID, Microsoft is also promoting to migrate to MS Graph API for the automations. The permissions that are granted via Graph API are tenant wide and cannot be restricted to limited objects on EntraID. My question is that how can we limit Graph API permissions to specific objects so that the possible attack surface decreases in case of security incident? Thank you.
- tdetznerGreat to hear that you are moving to Entra ID. Here are few resources, that should help: https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview https://github.com/kylemar/Microsoft-identity-platform-training#microsoft-identity-platform-training
- Sorry if this was asked already, joined late. Does private access support hybrid joined systems to process group policy and other functions that typically require long of sight to domain controllers?
- tdetznerThe GSA client does support hybrid joined devices, please see here: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-install-windows-client We also do support SSO for accessing on-prem resources for both Entra ID joined devices and hybrid joined devices. More details here: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-kerberos-sso
- Currently, private DNS is not available as GA. Microsoft is still working on it, as far as I know. So, no hybrid joined systems won't have line of sight to DC's
- Is there a way to buy a subset of EntraSuite that includes only Internet Access, Private Access, and Governance or only Internet Access and Private Access? I am specifically looking for this only on M365 Business Premium.
- AmelieDarchicourtAll products that are part of the Suite can be bought standalone. Internet Access and Private Access are each available at $5 per user per month and ID Governance is priced at $7 per user per month. Here's more details about licensing and pricing: aka.ms/PricingEntra
- With M365 Business Premium, you are already on P1. Unfortunately, you will need to buy Private or internet access separate. Or bump up to Entra suite at 9.90£ per user per month
