Entra Global Secure Access/ Internet Access


We have apps in Azure and AWS. These cloud apps are IP restricted. Staff can only access these apps if they're working in the office or connected to the office VPN (i.e., traffic is proxied over the VPN and out through the office WAN IP).
Rather than VPN, could we use 'Entra Internet Access' to allow remote users access to these Azure/AWS cloud apps? Is that possible and if so, would we need to install the Global Secure Access connectors in Azure and AWS or is there some kind of shared egress IP we can use and whitelist in Azure/AWS?

2 Replies

@Anupma_Sharma question for you

Hey Phil, you can use the GSA Private Access feature to do this. You can create applications based on FQDN; it doesn't matter if they are internal or not. As soon as you configure your FQDN for Private Access, traffic will be routed through your configured connector group. The application proxy VMs in your connector group can be configured to use an Azure NAT Gateway with a static IP, so you can whitelist this IP in other services. But even better is to have connectors in your VPC/VNet to not even expose your applications if access is anyhow restricted. Then traffic will be kept private for restricted apps.
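
An added example, not part of the thread: once the connector group's static NAT egress IP is the only intended source, this audit flags ingress rules that still admit anything else, such as the old office WAN range. It assumes rules exported in the JSON shape of `aws ec2 describe-security-groups`; the group ID and all addresses are constructed documentation values.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-app-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [
             {"CidrIp": "203.0.113.10/32"},   # connector NAT egress IP (assumed)
             {"CidrIp": "198.51.100.0/24"},   # former office WAN range (assumed)
             {"CidrIp": "0.0.0.0/0"},         # leftover open rule
         ]}]}]}


def audit_ingress(groups, allowed_egress_ips):
    """Return (group_id, ports, cidr, reason) for every IPv4 ingress CIDR
    that admits more than the approved connector egress addresses."""
    allowed = {ipaddress.ip_address(ip) for ip in allowed_egress_ips}
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            ports = f'{perm.get("FromPort", "all")}-{perm.get("ToPort", "all")}'
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                # An exact single-address match on an approved IP is the goal.
                if net.num_addresses == 1 and net.network_address in allowed:
                    continue
                if net.prefixlen == 0:
                    reason = "open to any source"
                elif any(ip in net for ip in allowed):
                    reason = "wider than connector egress IP"
                else:
                    reason = "source is not a connector egress IP"
                findings.append((sg["GroupId"], ports, str(net), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, ["203.0.113.10"]):
        print(*finding, sep="  ")
```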