GSA client exclamation mark, Forwarding policy dosen't exist in registry
Good day, Have difficult time getting Entra Private Access working. Entra portal --------------- GSA > Dashboard > Device Status says : 0 have the Global Secure Access Client installed: 0.0% The client pc is entra joined and is compliant, the client user has Entra ID Suite Trail license assigned. Traffic forwarding > Private access is enabled, have Quick Access application configured for SMB access. User and group assigments is set to a group where the user resides. Microsoft traffic profile and Internet access profile = disabled (as for now i just want to make the Private acces profile working) Enterprise applications = 1 active Connectors are online with status active. Client PC ------ Event log of client pc says the understated: Error occurred while requesting a new forwarding profile: The SSL connection could not be established, see inner exception.. Request Parameters: Microsoft Entra Device ID: 61ma02-9453-1277-98gz-hkdhksa3d0, Correlation vector: kdfhkshfkashdJ.0, APS URL: https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0. The client will continue working with the existing forwarding profile. GSA Advanced diagnostics: Username : empty Tenant ID : empty Forwarding profile ID: empty Client version 2.8.45.0 Health check = is green till Policy server is reachable, after that exclamation mark. https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0 if i try the above url in the browser then i get invalid request, this means that the client is able to reach the server, which means network or DNS issues are unlikely and the The SSL handshake is successful, and the certificate is valid. Need guidance as to understand why the client is not able to retreive profiles, i am using windows 11. Tried with disabling firewall too. Thanks!
Global Secure Access bypass (Internet and web filtering)
Hi, I understand in Global Secure Access "365" I can use a Conditional Access Policy to block access to 365 if not from a "All Compliant Network locations" to prevent a user pausing the Client. But If I want to use Global Secure Access "Internet" and use the web filtering, how do I prevent a user pausing the client and bypassing the restriction. I assume this would be a Conditional access rule, but how would you prevent any/all Internet traffic bypassing the client on pause?
Azure Application Proxy - Add application segments gray out
We are try to add Azure Application Proxy - wildcard application as when add then Add application segments gray out and not allow to click to add function Internal Url : https://*.test.com External Url : https://*.test.com please help me how to configure to can Add application segmentsAzure AD Application Proxy - Remote Desktop Services (RDS) RDP UDP Support
A client uses an AAD app proxy to publish RDS and followed these Microsoft docs to set everything up ... https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-integrate-with-remote-desktop-services Users authenticate against the remote desktop gateway to then access VMs that are hosted on-prem. Users now report that RDP sessions are somewhat slow and laggy with the sessions freezing every 10-20s for 1-2s. We've checked the entire environment and found out that RDP sessions are using UDP 3391 but TCP 443. There seems to be a limitation with the app proxy being unable to support UDP as first noticed in 2017 (https://social.technet.microsoft.com/Forums/windows/en-US/800bbe5e-afbc-46ed-bdb9-9e3f942337c7/performance-issues-when-using-rds-2016-in-azure-with-azure-ad-ds-and-azure-app-proxy), then again in 2019 (https://social.technet.microsoft.com/Forums/en-US/8dd34139-9aa2-4339-8aed-1c6e645b5766/rds2019-azure-web-proxy-udp) and again in 2022 (https://feedback.azure.com/d365community/idea/f3a05c53-853d-ec11-a819-000d3ae2b5ca). Can someone comfirm this? Is there an update from Microsoft on when the app proxy might support UDP?
