Event banner
Event details
106 Comments
Don't be shy! We’re halfway through the AMA, so keep posting your questions in the Comments.
CA isn't always the answer. A problem is that Intune has a "cache" where the device might be compliant or not for some time that isn't true. Can we do a direct policy that tells Private Access to only let in users with X and Y that is checked on the actual machine, not Intune compliance?
Example: Only allow if on connect time the user is running 3rd party EDR service.exe
- Less time for CA compliance would indeed be great for all our access use. Thanks for the answers.
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 41:00.
- Example: Only allow if user is running 3rd party EDR client
- Are the App segment rules evaluated on the client or the SSE cloud?
- Ian_Parramore
Microsoft
Traffic Forwarding profiles are managed in the cloud and delivered to the client. The client will evaluate and acquire traffic to send to the cloud service based on these policies. The cloud service will also check the Traffic Forwarding policies as well as the addition of additional policies, controls and checks as configured by the Administration (Tenant Restrictions, Internet Access web filtering policies etc). Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 39:00.
- Will Private access by any chance going to assist in Conditional Access App Control where sometimes if we see delay in page loading/features missing?
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 40:00.
- Will Microsoft provide default Internet Access profile sets for cataloging websites? (Social media, storage, gambling, gaming, etc). If so, will they be continually updated?
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 44:00.
- Ian_ParramoreYes, Web Category filtering will be part of the overall Internet Access capability in due course. This is not available in Public Preview yet.
- Are there any plans to enable Private Access for machine-level access? Specifically for domain-controller access pre-logon for hybrid Azure AD join scenarios.
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 38:00.
- One advantage with this over other solutions, aside from the technical side of things, would probably be cost if it's integrated with M365 E3 & E5. This is often the value proposition with E3/E5.
- Plus, being part of Entra, no need to integrate Entra Identity with a 3rd party solution.
If we have public (internet) facing web apps that only corporate Entra ID users access, and we want to MFA users that access the sites, is Entra Private access the best tool or should we look at Entra Internet Access
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 33:00.
- If you already host that web application in Azure, and users are already authenticating with Entra ID, you can use conditional access policies to enforce MFA.
- I can't see how that can be done? The web app is in Azure and users are authenticating with Entra ID. I want users to only MFA when they access this app and not get MFA'd on a regular basis if I just required them to MFA on any app via CA
- Will Private Access support line-of-sight access to on-premise AD for Self-Service Password Reset at the Windows Login screen?
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 43:00.
- Is Entra going to be integrated into 365 defender?
