Writing about security topics from Fortis experts

An Introduction to Microsoft's SSE Service

With Microsoft’s recent announcement of Entra Internet Access and Entra Private Access, many customers are wondering how these new products fit into their existing Microsoft investments and how they compare with existing Security Service Edge (SSE) vendors. While both products are still in preview, we can expect that a general availability launch is fast approaching. Let’s take a closer look at how these two products work and how organizations can start planning to leverage them when they become available.

Entra Internet Access

Secure internet access is the cornerstone of hybrid work, and Entra Internet Access is built to deliver a consistent, secure internet browsing experience for all employees, on any device, from any location. Whether you have a fully remote workforce or simply a handful of employees who work remotely after hours, it is essential to ensure they can maintain the same level of protection from threats as those at the office.

Entra internet Access is a cloud-delivered firewall and web filter, managed from the Entra (formerly Azure AD) portal and enforced via the Global Secure Access (GSA) agent on Windows machines. Policies can be applied and enforced on a granular basis, enforcing restrictions for non-sanctioned or high-risk websites from any location. With over 180 service edges across the world, Microsoft has the existing infrastructure to deliver a secure browsing experience without sacrificing speed the same way a traditional VPN tether would. Policies can be enforced for on-premises browsing as well, meaning you only need to configure a single policy for any location.

This service is limited in preview today, but we expect there will be significant feature adoption to bring the service in line with existing SSE vendors in the near future.

Internet Access For M365

For organizations struggling with inconsistent or slow Office 365 user experiences, Entra Internet Access for Microsoft 365 offers a compelling solution. By leveraging Microsoft’s global high-speed Wide Area Network (WAN), Internet Access for Microsoft 365 can help overcome some of these challenges while simultaneously enforcing clear controls for some of the most sensitive data contained in Exchange Online, SharePoint Online, and Teams. This service routes all traffic to M365 services directly over Microsoft’s private WAN. M365 applications are delivered faster and more reliably thanks to this special priority and advanced routing. Services such as conferencing and document collaboration are delivered with reduced latency and jitter to the end user, all while being completely transparent and requiring no special configuration for IT. Finally, by leveraging built-in governance known as Tenant Restriction, it is now possible to enforce security controls on a per-user basis to ensure employees can only access Microsoft 365 resources you control while preventing third party users or devices from accessing your organizational data.

Entra Private Access

For applications that still exist on premises, providing users remote access via a traditional VPN can be a time-consuming process that is also prone to error, misconfiguration, and security concerns. Between troubleshooting VPN connectivity, upgrading appliances, and maintaining unique access controls for every application, managing VPN access for a handful of applications has historically been a challenge for IT teams.

Entra Private Access acts as a fully functional VPN replacement for all on-premises applications. The same client agent that secures connections to the internet builds a secure tunnel to your on-premises applications through the Microsoft cloud services and allows users to access all applications from any location, regardless of protocol. The only on-premises requirement is a pair of highly available proxy servers, called App Connectors. With no complex routing or access lists to maintain, Entra Private Access allows organizations to onboard dozens of remote applications quickly and securely.

How Fortis by Sentinel Can Help

As workforces become more mobile, and threats to devices and data more prevalent, it is clear that SSE services are becoming a mandatory part of any holistic security strategy. Entra Internet Access and Entra Private Access makes deploying these services seamless for existing Microsoft 365 customers, and the tight integration with existing Entra ID (Azure AD) identity management means you can be up and running with a proof of concept in a matter of hours. Fortis by Sentinel has the knowledge and experience deploying a wide range of SSE solutions, and our expert level Microsoft engineers have extensive background helping customers across every industry achieve rapid security adoption. We can help you at any stage of your SSE journey.

Reach out to your Fortis by Sentinel Account Manager or Contact Us to start the discussion and see if any of the Entra Access solutions make sense for your unique challenges.