https://chris-brumm.com/categories/global-secure-access/Recent content in Global Secure Access on Chris Brumm's BlogHugoen-usFri, 02 Jan 2026 00:00:00 +0000https://chris-brumm.com/2026/01/02/A-second-look-at-EPA4DC/Fri, 02 Jan 2026 00:00:00 +0000https://chris-brumm.com/2026/01/02/A-second-look-at-EPA4DC/🆕 This is the updated version of my blog about Entra Private Access for Active Directory for Domain Controllers. You can find the old version → here ←. New features include the central admin UI and logging! Intro In many environments - often for historical reasons - there is no strict separation of client and server networks. And if there is a firewall between the networks, the rule sets often allow direct communication with the domain controllers in the environment.https://chris-brumm.com/2025/12/21/Cross-Tenant-Global-Secure-Access/Sun, 21 Dec 2025 00:00:00 +0000https://chris-brumm.com/2025/12/21/Cross-Tenant-Global-Secure-Access/One of the many announcements at Ignite (somewhat away from the AI hype) is the long-awaited B2B support for Global Secure Access. It combines Entra B2B, such as cross-tenant access policies, with the features of GSA, enabling an excellent user experience while also providing a very high level of security. Use cases for B2B access When planning the replacement of legacy VPNs, the issue repeatedly arises that the VPN is not only used by employees with managed devices, but also provides access for service providers and consultants, for example.https://chris-brumm.com/2025/11/19/Intelligent-Local-Access-Deep-Dive/Wed, 19 Nov 2025 00:00:00 +0000https://chris-brumm.com/2025/11/19/Intelligent-Local-Access-Deep-Dive/Global Secure Access (GSA) enforces that all client traffic is routed through the cloud before reaching the target resource via Private Network Connectors—even if both endpoints are in the same building or network. This design ensures that security controls are consistently applied. However, not every location has the connectivity of Coruscant; some sites feel more like the Outer Rim—and in Germany, bandwidth limitations can appear quickly. To cope, many users have resorted to disabling the GSA client when on the corporate LAN, a behavior familiar from traditional VPN clients.https://chris-brumm.com/2025/08/19/A-first-look-at-EPA4DC/Tue, 19 Aug 2025 00:00:00 +0000https://chris-brumm.com/2025/08/19/A-first-look-at-EPA4DC/In many environments - often for historical reasons - there is no strict separation of client and server networks. And if there is a firewall between the networks, the rule sets often allow direct communication with the domain controllers in the environment. Although a conversion makes a lot of sense, it is often not possible quickly, because various services like GPOs or Kerberos rely on this communication and a client modernization project takes time and effort.https://chris-brumm.com/2025/04/06/Entra-Private-Access-and-the-future-of-the-Entra-App-Proxy/Sun, 06 Apr 2025 00:00:00 +0000https://chris-brumm.com/2025/04/06/Entra-Private-Access-and-the-future-of-the-Entra-App-Proxy/Since the release of Entra Private Access, I have been getting more and more questions about the future of the Entra App Proxy. Will it still be needed? Should I still use it? Are there synergies or incompatibilities? This blog post is dedicated to these very questions and is part of my series on Global Secure Access Overview to Global Secure Access Global Secure Access in Conditional Access Deep Dive DNS in Entra Private Access Deep Dive SSO in Entra Private Access Entra Private Access and the future of the Entra App Proxy Do I still need the App Proxy?https://chris-brumm.com/2024/09/14/Deep-Dive-SSO-in-Entra-Private-Access/Sat, 14 Sep 2024 00:00:00 +0000https://chris-brumm.com/2024/09/14/Deep-Dive-SSO-in-Entra-Private-Access/A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time now and more and more proof of concepts are being launched, it is high time for me to do a blog series about it. Here is an overview of the parts (planned so far): Overview to Global Secure Access Global Secure Access in Conditional Access Deep Dive DNS in Entra Private Access Deep Dive SSO in Entra Private Access Entra Private Access and the future of the Entra App Proxy With the addition of both UDP and DNS support to Entra Private Access, the vast majority of scenarios that VPN has been used for in the past can be covered - including Single Sign On with Kerberos.https://chris-brumm.com/2024/09/07/Deep-Dive-DNS-in-Entra-Private-Access/Sat, 07 Sep 2024 00:00:00 +0000https://chris-brumm.com/2024/09/07/Deep-Dive-DNS-in-Entra-Private-Access/A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time now and more and more proof of concepts are being launched, it is high time for me to do a blog series about it. Here is an overview of the parts (planned so far): Overview to Global Secure Access Global Secure Access in Conditional Access Deep Dive DNS in Entra Private Access Deep Dive SSO in Entra Private Access Entra Private Access and the future of the Entra App Proxy With the extension of Entra Private Access, which introduces both UDP and DNS support, the vast majority of scenarios for which VPN was used in the past can be covered.https://chris-brumm.com/2024/08/06/Global-Secure-Access-in-Conditional-Access/Tue, 06 Aug 2024 00:00:00 +0000https://chris-brumm.com/2024/08/06/Global-Secure-Access-in-Conditional-Access/A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time now and more and more proof of concepts are being launched, it is high time for me to do a blog series about it. Here is an overview of the parts (planned so far): Overview to Global Secure Access Global Secure Access in Conditional Access Deep Dive DNS in Entra Private Access Deep Dive SSO in Entra Private Access Entra Private Access and the future of the Entra App Proxy In the overview to Global Secure Access, I particularly emphasized the good integration in Conditional Access for both Microsoft Entra Internet Access and Microsoft Entra Private Access.https://chris-brumm.com/2024/07/30/Overview-to-Global-Secure-Access/Tue, 30 Jul 2024 00:00:00 +0000https://chris-brumm.com/2024/07/30/Overview-to-Global-Secure-Access/A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time now and more and more proof of concepts are being launched, it is high time for me to do a blog series about it. Here is an overview of the parts (planned so far): Overview to Global Secure Access Global Secure Access in Conditional Access Deep Dive DNS in Entra Private Access Deep Dive SSO in Entra Private Access Entra Private Access and the future of the Entra App Proxy What is Global Secure Access?