Event banner
Event details
How does the Global Access Client work as compared to VPN clients form the OS perspective ? I mean do you install another Virtual Adapter that will basically route all traffic to this adapter (Similar to VPN) OR Is it like some Tap/Traffic filter that you will leverage ?
- You mentioned that it supports 3rd party SSE in parallel for Internet access. Can you please elaborate on what you mean exactly ? Do you mean You support compatibility with SSE agents like Zscaler ZIA Client ? OR something else ? Can you point me to some document ?
That concludes this session of Microsoft Entra Tech Accelerator. Thanks for joining! We'll continue to answer questions in the chat. Up next: Ask Microsoft Anything: Azure AD is being renamed.
Note: The Comments section will be open up to questions for 24 hours and we'll reply as promptly as possible.
In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and Twitter. Here are the questions we answered today:
- When creating a network/application rule is it possible to add multiple network ports to a single IP/IP Range. Can you mix UDP and TCP in the same rule?
- Anupma_Sharma
Microsoft
We will support a hierarchy of rules to enable admins to define appropriate policies. Full 5-tuple cloud firewall support including ports and protocols granularity is being actively worked upon and you will see it coming out in preview in upcoming months. Short answer - yes - to your question 🙂
- In the Demo we saw login using private access with ip. If in my onpremise network i have enforced kerberos login do i have to use a valid Host name or does it work with ip in entra privat access ?
- Ian_ParramoreThere'll be a few factors here including: - Are you allowing access to a KDC through Private Access - Can the client obtain a Kerberos ticket from the KDC using IP address Generally, Kerberos is going to work better using FQDN's.
- Is it possible to install the Application Proxy connector on Server Core? If not, are there plans to support this deployment model in the future?
- Gustavo_MaulerApplication Proxy connector requires Windows Server 2012 R2 or later and you also need .NET 4.8 for the new connectors. We are taking your feedback on Server Core supportability to our engineering teams.
- Thanks! This workload would seem to be an ideal candidate for Server Core as it requires little to no administration post-deployment. 🙂
- Are there any API integrations planned together with other security vendors as part of the solution? Some offers today have examples that go outside the scope of one vendor, like; "If CrowdStrike ZTA score > 80 then allow" "Check URL towards PA Wildfire for second verdict" "Send file download hash to Cisco Threat Intel for second verdict"
tdetznerWe are working closely with 3rd Party vendors and look for integration opportunities going forward.
- Will Internet Access support non-HTTP protocols such as FTP, SFTP etc..
- Ian_ParramoreThis is part of our roadmap plan. We will share more as we progress.
- Can Entra SASE \SSE work with 3rd party EDR solutions other than MDE?
- Anupma_SharmaYes we will be working on third party integrations with SIEM and EDR/XDR solutions in addition to first-part products like Sentinel and MDE.
- Will private access allow for a longer backend application timeout? Currently, the Application's Proxy's most extended setting only allows three minutes.
- tdetznerGreat Feedback. We will look into this.
- Jeevan_BishtWe will have supported for longer timeouts, also there is a current private preview for Azure AD App proxy which allows to go beyond the 3 minutes.
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 48:00.
