Microsoft has rebranded the Azure AD (Active Directory) service as Entra ID.
We are already seeing the new Entra branding show up in Azure Government with the new Entra portal available at https://entra.microsoft.us.
With the change, there are also two new products within the Entra family:
- Microsoft Entra Private Access – identity-centric Zero Trust Network Access that secures access to private apps and resources. See https://aka.ms/privateaccess for more info.
- Microsoft Entra Internet Access – identity-centric Secure Web Gateway that protects access to internet, software as a service (SaaS), and Microsoft 365 apps and resources. See https://aka.ms/internetaccess for more info.
These products are currently in preview and require opt-in (see the steps below).
As of 7-11-2023 the preview for the “Global Secure Access” product is NOT available in Azure Government.
- Ensure you are elevated into the Global Admin role.
- Then browse to https://entra.microsoft.com/#view/Microsoft_Azure_Network_Access/Welcome.ReactView.
- Then select “Activate”
Once you opt-in you will want to visit the Global Secure Access Getting Started page.
Key items to set up once you get the preview going:
- Enable Session Management tenant tagging. Global Secure Access -> Global Settings -> Session Management -> Enable tagging to enforce tenant restrictions on your network = On
  - This requires that you have “Tenant Restrictions” enabled via https://portal.azure.com/?Microsoft_AAD_IAM_isXTAPTenantRestrictionEnabled=true#view/Microsoft_AAD_IAM/TenantRestrictions.ReactView/isDefault~/true/name//id/
- Enable Session Adaptive Access for Conditional Access. Global Secure Access -> Global Settings -> Session Management -> Adaptive Access -> Enable Global Secure Access signaling in Conditional Access = On
As I work more with the new Private Access and Internet Access products, I will post to share my findings.