Get to know Microsoft Entra Private Access
Event details
Learn how you can quickly and securely connect users to private apps from any device and any network—on-premises and across any cloud. Join us and walk through Microsoft Entra Private Access, an identity-centric Zero Trust Network Access (ZTNA) solution. We’ll show you how it can help you remove the risk and operational complexity associated with legacy VPNs while improving productivity for your hybrid workforce.
This session is part of the Microsoft Entra Suite Tech Accelerator.
Get a head start
Watch Zero Trust in the Age of AI to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.
24 Comments
- dknapp
Occasional Reader
If I understood correctly, the "Private Access DC Agent" will be part of MDE. When will the feature be available? How can legacy apps and systems that do not support the GSA Client be handled?
- Janice_Ricketts
Microsoft
The Private Access DC agent is in private preview. Please let us know if you'd like to participate and we can have a closer look at your scenario.
- dknapp
Occasional Reader
Thanks, yes, it would be great if we can participate. Please let me know how.
- TrevorRusher
Community Manager
Thanks for joining us today! We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back through the end of the week.
- DaneaGalbraith
Iron Contributor
Can this be done on a schedule not just a one time or approval?
- tdetzner
Microsoft
Can you please elaborate on your scenario? Generally speaking, in PIM you can do scheduled activations - https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-activate-role or via MS Graph: https://learn.microsoft.com/en-us/graph/api/resources/unifiedroleassignmentschedulerequest?view=graph-rest-1.0
- TrevorRusher
Community Manager
Welcome to Get to know Microsoft Entra Private Access at the Entra Tech Accelerator. Let's get started! We’ll be here in chat for the full half hour to answer your questions and throughout the rest of the week. Have a question? Post here in the Comments. Let’s make this an active Q&A!
- Yordan_Yordanov
Brass Contributor
Can I reuse my Application Proxy connectors and groups for Private Access, or will I need to install another connector? They look like the same thing.
- kamrantabish
Microsoft
In addition to what Thomas said, the version of the connector needs to be at least 1.5.3829.0 to support Private Access. As long as this requirement is met, you can use the same connector for both application proxy and Private Access. More details at: https://learn.microsoft.com/en-us/entra/global-secure-access/reference-version-history#version-1538290
- tdetzner
Microsoft
You can continue to use your connectors. We recommend you have Auto-Update enabled for the connectors; with this, the connectors will get the latest capabilities automatically. More details at: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-connectors
- vbakshi123
Copper Contributor
We are using Entra Private Access with the GSA client installed on all user machines. We have 2 Windows machines with the connector service installed on-premise that are part of the connector group. We have two issues with a specific web application hosted on-premise:
1. The web app checks for a heartbeat every 300 seconds. When we route the traffic through the connector group, the app signs out the logged in user before the 300 second mark, regardless of whether the user is signed active or idle. When we route the traffic through another connector group which only has one connector, then it all works well. Even though all these 3 connectors are in the same subnet and all outbound using the same public IP.
2. Some of our users using Virgin Media as their ISP can't access this web app; DNS times out. They have a connection suffix on their home Wifi as cable.virginm.net along with our on-premise hosted domain suffix. They can resolve the web app magic IP properly. Anything that you may think is going on with Virgin Media ISP's?
- tdetzner
Microsoft
Great to hear that you are testing Private Access. Can you please open a support case to investigate the issue?
- vbakshi123
Copper Contributor
Will do. The traffic to the app is not even intercepted by the GSA client under Advanced Diagnostics\Traffic just for these users using Virgin media ISP. Even though they are part of the enterprise app
- TrevorRusher
Community Manager
Today’s session, Get to know Microsoft Entra Private Access, kicks off in just a little bit. Have a question? Post it here in the Comments.
- DMoenks
Copper Contributor
On a high level, how is Entra Private Access different from Entra Application Proxy, both regarding functionality and licensing? Are there plans to deprecate the latter in favor of the former?
Re-posted the question beneath the AMA session
- Nav_Devgan
Copper Contributor
What's the bandwidth that comes with Entra Suite for Private Access? Can we buy more if needed? What are the speeds you have seen for SMB ver3 over Private Access?
- tdetzner
Microsoft
Entra Suite and Entra Private Access are per month, per user based license models. There are no network bandwidth limitations in place other than your internet connection speed and links. To your performance question: we will be publishing guidance in the coming months.
- scottbunting
Copper Contributor
Is it possible to do internal DNS resolution? I've seen it described while in Beta but don't see that functionality in the release.
- vbakshi123
Copper Contributor
Private DNS is still being worked on by MS. Currently not available, means your device won't have direct line of sight to your DCs for Kerberos, LDAP.
- tdetzner
Microsoft
Private DNS is almost ready, it should be available soon in public preview. For now, feel free to use aka.ms/VPNReplacement.