1
00:00:03,325 --> 00:00:05,855
- Welcome to episode 375
2
00:00:05,875 --> 00:00:08,135
of the Microsoft Cloud IT Pro Podcast
3
00:00:08,695 --> 00:00:11,295
recorded live on April 19th, 2024.
4
00:00:11,725 --> 00:00:14,215
This is a show about Microsoft 365
5
00:00:14,215 --> 00:00:16,575
and Azure from the perspective of IT pros
6
00:00:16,575 --> 00:00:19,695
and end users where we discuss
the topic or recent news
7
00:00:19,755 --> 00:00:20,935
and how it relates to you.
8
00:00:21,445 --> 00:00:25,615
This week we'll be discussing
global secure access as part
9
00:00:25,615 --> 00:00:28,415
of the Microsoft Security Service Edge
10
00:00:28,595 --> 00:00:31,855
and how Global Secure Access
brings identity network
11
00:00:32,035 --> 00:00:33,135
and endpoint access
12
00:00:33,335 --> 00:00:35,775
together under one service.
We'll discuss some
13
00:00:35,775 --> 00:00:38,615
of the services that includes,
that may seem familiar to you
14
00:00:38,675 --> 00:00:41,335
as it relates to Defender
for cloud apps and App Proxy.
15
00:00:41,745 --> 00:00:44,015
We'll also talk about
some of the key features
16
00:00:44,115 --> 00:00:45,735
around internet access
17
00:00:46,155 --> 00:00:48,415
and private access, as well
18
00:00:48,415 --> 00:00:51,535
as the global secure access
clients for Windows and Android
19
00:00:51,555 --> 00:00:54,455
and the upcoming ones
for macOS and iOS.
20
00:00:54,905 --> 00:00:56,815
We'll also talk about the benefits
21
00:00:57,175 --> 00:00:59,135
provided by these
services, taking advantage
22
00:00:59,195 --> 00:01:00,855
of the Microsoft global WAN.
23
00:01:01,485 --> 00:01:03,895
Join us as we take a
deep dive into the world
24
00:01:03,895 --> 00:01:04,895
of digital security
25
00:01:04,895 --> 00:01:08,175
and learn how global secure
access can help you secure
26
00:01:08,245 --> 00:01:09,295
your digital world.
27
00:01:11,525 --> 00:01:14,935
Here we go. Scott, what is
Global Secure Access in preview?
28
00:01:15,315 --> 00:01:18,615
That's our topic for today.
Global Secure Access.
29
00:01:18,765 --> 00:01:21,615
This was, have you played
with global security access?
30
00:01:21,955 --> 00:01:23,775
Oh, Todd's been putting out fires all day.
31
00:01:23,995 --> 00:01:26,375
He said, why not come put
out more fires at my house.
32
00:01:26,815 --> 00:01:28,295
Alright, good
to know, Todd.
33
00:01:28,295 --> 00:01:29,655
Okay, what is Global
Secure Access Squirrel.
34
00:01:29,665 --> 00:01:31,295
Scott Squirrel. Yeah, global
35
00:01:31,715 --> 00:01:33,295
- Secure Access.
36
00:01:34,285 --> 00:01:36,615
Yeah. So let's see.
37
00:01:37,405 --> 00:01:39,815
This is all about securing
your digital world, right?
38
00:01:40,115 --> 00:01:41,255
That's what I thought. So
39
00:01:41,255 --> 00:01:43,295
- It's secure access globally is
40
00:01:43,295 --> 00:01:44,695
what Global secure access is.
41
00:01:45,055 --> 00:01:47,415
Yeah. So this is a new feature.
42
00:01:47,525 --> 00:01:50,815
This one was announced
actually, was it Ignite?
43
00:01:50,965 --> 00:01:53,775
When did they change
the name of Azure AD to
44
00:01:53,935 --> 00:01:54,935
- Entra.
45
00:01:54,935 --> 00:01:56,175
That was back around the Ignite. I
46
00:01:56,175 --> 00:01:57,175
- Think that was Ignite.
47
00:01:57,175 --> 00:01:59,015
- And this was also the introduction
48
00:01:59,675 --> 00:02:03,175
of not just global Secure Access,
49
00:02:03,805 --> 00:02:08,775
this was also the introduction
of the introduction,
50
00:02:09,095 --> 00:02:11,295
a little bit of the rebrand and
51
00:02:11,315 --> 00:02:15,495
and pushing out of the concept
of Security Service Edge
52
00:02:16,075 --> 00:02:17,295
or SSE.
53
00:02:17,445 --> 00:02:21,455
- Yeah. And that was all
announced in kinda since then.
54
00:02:21,525 --> 00:02:25,975
This is, I would say
it's been a slow roll of
55
00:02:26,525 --> 00:02:28,575
various services within,
56
00:02:29,285 --> 00:02:32,455
whether you call it various
services within the Secure edge
57
00:02:32,475 --> 00:02:36,775
or even just global secure
access in general has kind
58
00:02:36,775 --> 00:02:38,095
of been a slow rollout
59
00:02:38,095 --> 00:02:41,815
and there's a, I would say
a halfway decent image in
60
00:02:42,365 --> 00:02:43,655
this overview of what it is.
61
00:02:43,915 --> 00:02:47,615
But essentially at a high
level global secure access goes
62
00:02:47,795 --> 00:02:51,975
and takes all of your endpoints,
identities, endpoints,
63
00:02:52,565 --> 00:02:54,175
even remote networks.
64
00:02:54,635 --> 00:02:57,735
So think of identifying traffic
based on the network it's
65
00:02:57,735 --> 00:03:00,925
on, routes it all through
this security service edge
66
00:03:00,925 --> 00:03:04,925
through global secure access
so that all of your traffic
67
00:03:05,545 --> 00:03:08,205
is routing through this
global secure access,
68
00:03:08,205 --> 00:03:10,525
which is a service sitting
out in the Microsoft cloud
69
00:03:11,105 --> 00:03:13,965
before it goes to any number of things.
70
00:03:14,065 --> 00:03:17,925
It could be before it goes
out to Microsoft 365 could be
71
00:03:17,925 --> 00:03:19,285
before it goes out to the internet,
72
00:03:19,385 --> 00:03:23,765
before it goes on premises to
your on premises applications
73
00:03:24,145 --> 00:03:26,405
or even going out to
another cloud service,
74
00:03:26,675 --> 00:03:29,965
whether it's AWS Google
Cloud going out to Azure.
75
00:03:30,345 --> 00:03:34,045
But it's a way to essentially
securely route all of
76
00:03:34,045 --> 00:03:36,205
that traffic wherever it goes
77
00:03:36,305 --> 00:03:40,445
and route it through this
service between your end points
78
00:03:40,445 --> 00:03:42,485
or devices and wherever
they're trying to go.
79
00:03:42,545 --> 00:03:43,965
- That's a good encapsulation.
80
00:03:44,325 --> 00:03:48,165
I think one thing that's
missing in this picture is
81
00:03:49,115 --> 00:03:51,925
some of the buckets should
be a little bit bigger
82
00:03:51,985 --> 00:03:53,645
and maybe have sub components within them.
83
00:03:54,865 --> 00:03:57,685
For example, take Microsoft 365
84
00:03:58,265 --> 00:04:00,125
and some of the things that are part
85
00:04:00,145 --> 00:04:05,085
of Microsoft 365-ish slash
Entra ID-ish at this point.
86
00:04:05,675 --> 00:04:07,005
Like conditional access.
87
00:04:07,505 --> 00:04:09,045
So how do you extend,
88
00:04:09,345 --> 00:04:12,085
you mentioned like on premises clients, so
89
00:04:12,085 --> 00:04:16,845
how do you extend conditional
access to on-premises clients?
90
00:04:17,265 --> 00:04:20,765
You need to bring those, those clients
91
00:04:21,435 --> 00:04:22,645
both the on-prem client
92
00:04:22,745 --> 00:04:26,325
and maybe the on-prem
application within the purview
93
00:04:26,745 --> 00:04:30,605
and the overarching boundary of Entra
94
00:04:31,265 --> 00:04:33,965
and things like Microsoft 365
95
00:04:34,625 --> 00:04:36,845
and that whole stack to put it together.
96
00:04:37,525 --> 00:04:41,805
'cause ultimately what we're
doing with this service suite
97
00:04:41,805 --> 00:04:43,045
of services again, right?
98
00:04:43,045 --> 00:04:44,965
If we think about Security Service Edge
99
00:04:44,985 --> 00:04:48,485
or SSE, it's really comprised
of we're back to bundles
100
00:04:48,945 --> 00:04:50,205
and suites of things.
101
00:04:50,795 --> 00:04:54,365
It's combining this set of
capabilities for both internet
102
00:04:54,505 --> 00:04:57,485
and intranet bound network traffic
103
00:04:58,225 --> 00:05:01,125
and making that all play nicely together.
104
00:05:01,705 --> 00:05:03,365
Not just across the network
105
00:05:03,585 --> 00:05:06,005
but bringing in things
like conditional access.
106
00:05:06,385 --> 00:05:08,045
So you have an identity layer
107
00:05:08,065 --> 00:05:12,605
and an identity boundary plus
a network boundary plus an
108
00:05:13,165 --> 00:05:16,445
endpoint boundary on
your clients themselves.
109
00:05:17,025 --> 00:05:19,085
And we'll talk about what
some of those clients are
110
00:05:19,315 --> 00:05:22,885
that are out there and what's
capable for things today.
111
00:05:23,385 --> 00:05:24,845
So if somebody looks at this
112
00:05:24,845 --> 00:05:28,765
and they're like, haven't
I seen this game before?
113
00:05:29,595 --> 00:05:32,925
This sounds a lot like
Defender for Cloud Apps
114
00:05:33,025 --> 00:05:34,565
and maybe CASB, right?
115
00:05:34,585 --> 00:05:36,965
For access to AWS and GCP
116
00:05:36,965 --> 00:05:40,045
and these external SaaS
services like Slack
117
00:05:40,105 --> 00:05:42,125
and Dropbox, that sounds unique to me.
118
00:05:42,765 --> 00:05:44,605
Intimately familiar, like how we've been
119
00:05:44,605 --> 00:05:45,765
down that path before.
120
00:05:46,305 --> 00:05:49,925
You're talking about things
like proxying connections
121
00:05:50,105 --> 00:05:54,165
and having, having connectivity
through a network layer back
122
00:05:54,185 --> 00:05:56,125
to on-premises resources,
123
00:05:56,225 --> 00:05:59,285
but being able to inject
an identity boundary
124
00:05:59,285 --> 00:06:00,405
through conditional access
125
00:06:00,675 --> 00:06:04,165
that sounds a lot like app
proxy connector, and,
126
00:06:04,165 --> 00:06:05,325
and some of the things that go into that.
127
00:06:05,545 --> 00:06:08,405
So if you've been in this space
a while, you're like, yeah,
128
00:06:08,405 --> 00:06:09,565
something doesn't smell right here.
129
00:06:09,785 --> 00:06:12,765
You're absolutely right. Like
this is still under the hood.
130
00:06:12,825 --> 00:06:14,525
The things that you understood and
131
00:06:14,525 --> 00:06:15,885
and the way you understood them to be
132
00:06:16,195 --> 00:06:18,565
with things like Defender
for Cloud, Defender
133
00:06:18,565 --> 00:06:21,365
for Cloud Apps rather,
that whole CASB solution,
134
00:06:21,365 --> 00:06:23,885
sorry, Cloud Access Security Broker
135
00:06:24,225 --> 00:06:25,485
and putting all that together.
136
00:06:26,025 --> 00:06:29,965
Things like app proxy
support through Azure AD
137
00:06:30,145 --> 00:06:34,525
and app proxy connectors that
guess what that's been here
138
00:06:34,625 --> 00:06:38,045
and and it's brought up
to snuff under this suite
139
00:06:38,045 --> 00:06:40,765
of products with slightly different names.
140
00:06:41,225 --> 00:06:43,485
But I think if you look at
the underlying architecture
141
00:06:43,485 --> 00:06:45,525
and the way those things
compose all the same,
142
00:06:46,035 --> 00:06:47,365
it's just kind of new names
143
00:06:47,625 --> 00:06:51,245
and potentially bringing
all these things together as
144
00:06:51,765 --> 00:06:56,045
a suite of services under one
banner that you can go ahead
145
00:06:56,465 --> 00:07:00,685
and just live a certain kind
of life through depending on
146
00:07:00,685 --> 00:07:02,125
what kind of life you wanna live, right?
147
00:07:02,145 --> 00:07:05,885
Do you want to do things like
monitor traffic externally?
148
00:07:05,985 --> 00:07:08,045
Do you wanna monitor traffic internally?
149
00:07:08,545 --> 00:07:12,285
Do you want to have uh,
those additional operational
150
00:07:12,745 --> 00:07:15,805
and access controls on top of things?
151
00:07:15,865 --> 00:07:16,885
So if you're looking in your,
152
00:07:17,185 --> 00:07:19,685
hey in my environment I
already do the network thing.
153
00:07:19,755 --> 00:07:22,685
Like I have forwarding proxies
154
00:07:23,185 --> 00:07:25,245
and I have all the things in place I need
155
00:07:25,245 --> 00:07:29,405
that protect me across the
various OSI layers on premises
156
00:07:29,705 --> 00:07:31,645
and my outbound traffic
and things like that.
157
00:07:32,495 --> 00:07:34,725
Maybe not the solution for you,
158
00:07:35,025 --> 00:07:38,765
but if you're looking for
more than what you get out
159
00:07:38,765 --> 00:07:41,445
of maybe your traditional
on-premises solutions
160
00:07:42,025 --> 00:07:46,965
and tight integration across
the Microsoft stack and I'm,
161
00:07:46,965 --> 00:07:49,325
and I'm intentional there when
I say across the Microsoft
162
00:07:49,325 --> 00:07:52,805
stack because it's not just
SaaS services in the Microsoft
163
00:07:52,805 --> 00:07:55,205
stack like M365 or Dynamics.
164
00:07:55,795 --> 00:07:59,725
It's things like Azure and access to Azure
165
00:07:59,725 --> 00:08:03,365
and some of these other internet
connected suites of things
166
00:08:03,635 --> 00:08:07,405
that that exist out
there in that stack it,
167
00:08:07,425 --> 00:08:09,365
it marries all of those together.
168
00:08:09,715 --> 00:08:11,845
Puts them in a nice little bundle
169
00:08:11,905 --> 00:08:15,085
or bucket for you both from
a functionality perspective
170
00:08:15,385 --> 00:08:17,805
and from an administration perspective.
171
00:08:18,025 --> 00:08:19,725
- And I would say like you mentioned
172
00:08:19,985 --> 00:08:21,205
the app proxy stuff, right?
173
00:08:21,225 --> 00:08:24,565
And the CASB stuff. I think this is not,
174
00:08:25,165 --> 00:08:26,965
I would go a step back from what you said
175
00:08:26,965 --> 00:08:30,205
where it's like bundling
those in my impression of this
176
00:08:30,205 --> 00:08:31,285
and from the playing I've done,
177
00:08:31,355 --> 00:08:33,005
it's like an entirely new process.
178
00:08:33,155 --> 00:08:35,765
Instead of bundling those
together, I would almost,
179
00:08:36,365 --> 00:08:37,685
I wanna be careful saying this
180
00:08:37,685 --> 00:08:40,365
because I don't want somebody
to go out and say Ben
181
00:08:40,365 --> 00:08:44,165
and Scott said this was V two,
this is almost, it appears
182
00:08:44,425 --> 00:08:47,005
to be, we'll say the appearance
from everything I've seen
183
00:08:47,005 --> 00:08:48,725
like a V two of app proxy
184
00:08:49,145 --> 00:08:52,965
and of CASB where my understanding of CASB
185
00:08:52,965 --> 00:08:55,245
and some of the uh, cloud app protection
186
00:08:55,465 --> 00:08:57,005
and the stuff that's there today
187
00:08:57,665 --> 00:08:59,845
relied on like the
defender endpoint, right?
188
00:08:59,845 --> 00:09:04,325
Because somehow the existing
cloud app security stuff had
189
00:09:04,325 --> 00:09:05,405
to reach into your machine
190
00:09:05,425 --> 00:09:07,725
and see what, what the traffic
is, where are you going,
191
00:09:07,725 --> 00:09:11,165
what are you visiting
all of that where instead
192
00:09:11,165 --> 00:09:13,485
of still using defender for endpoint
193
00:09:13,785 --> 00:09:15,285
for global secure access
194
00:09:15,305 --> 00:09:18,205
and you said we'll talk about
this, there's actually a new
195
00:09:18,815 --> 00:09:21,565
agent that you install
on your device for these
196
00:09:22,055 --> 00:09:24,205
where it's instead of like
197
00:09:24,725 --> 00:09:26,885
defender sitting there monitoring it,
198
00:09:27,115 --> 00:09:29,565
this is almost like setting up
199
00:09:30,305 --> 00:09:32,925
and it may even be doing similar
in the background setting
200
00:09:32,925 --> 00:09:35,085
up a VPN on your client devices
201
00:09:35,585 --> 00:09:37,965
and I feel like Defender
Endpoint was sitting off
202
00:09:37,965 --> 00:09:39,725
to the side watching what you were doing
203
00:09:39,745 --> 00:09:40,925
and sending some of that back.
204
00:09:41,115 --> 00:09:43,485
This is literally routing
all of your traffic
205
00:09:43,835 --> 00:09:45,765
through a secure VPN
206
00:09:45,765 --> 00:09:48,685
or secure connection through
this global secure access
207
00:09:48,705 --> 00:09:51,885
to do things like, and it's
probably similar to that proxy
208
00:09:52,065 --> 00:09:54,685
but I think more of the
CASB stuff, I don't know
209
00:09:54,685 --> 00:09:55,805
that I wanna say more invasive
210
00:09:56,065 --> 00:09:58,805
but it's watching a lot
more of that network traffic
211
00:09:58,805 --> 00:10:00,245
because it's routing it all
212
00:10:00,245 --> 00:10:02,965
through this global
secure access endpoint. So
213
00:10:02,965 --> 00:10:05,005
- The CASB stuff was
invasive as well, right?
214
00:10:05,025 --> 00:10:06,525
It was a local agent.
215
00:10:06,795 --> 00:10:08,885
Your traffic absolutely passed through
216
00:10:08,965 --> 00:10:10,485
that thing for monitoring.
217
00:10:10,725 --> 00:10:12,845
I think the big difference here is
218
00:10:13,665 --> 00:10:16,725
it is much more VPN-ish at
the end of the day, right?
219
00:10:16,875 --> 00:10:19,925
Like you are doing a virtual
private network effectively.
220
00:10:19,925 --> 00:10:22,645
Yep. And the connectivity for
221
00:10:22,645 --> 00:10:25,565
that VPN if you think
about performance of a VPN
222
00:10:25,565 --> 00:10:27,165
and having to tunnel
223
00:10:27,425 --> 00:10:28,925
and connects through an endpoint
224
00:10:28,925 --> 00:10:31,685
where those endpoints sit has a big,
225
00:10:32,305 --> 00:10:34,045
no pun intended like network effect
226
00:10:34,265 --> 00:10:37,005
and knock on effect to customer experience
227
00:10:37,465 --> 00:10:38,805
and client latency.
228
00:10:39,025 --> 00:10:42,405
And I think those were
potential issues with some
229
00:10:42,405 --> 00:10:44,565
of the kind of traditional CASB approach
230
00:10:44,865 --> 00:10:49,245
and there was also just
the general, hey like
231
00:10:49,395 --> 00:10:51,445
what do I get out of doing this solution?
232
00:10:51,825 --> 00:10:55,805
So like that CASB approach
was really good for routing
233
00:10:56,105 --> 00:10:59,245
and monitoring for
external SaaS solutions.
234
00:10:59,625 --> 00:11:01,245
It wasn't good for the app proxy thing
235
00:11:01,365 --> 00:11:03,525
'cause you still needed the
app proxy thing on the side.
236
00:11:03,795 --> 00:11:06,085
What this does with global secure access
237
00:11:06,465 --> 00:11:07,645
and the client,
238
00:11:08,075 --> 00:11:11,485
what it lets you do is it lets
you basically say, hey now
239
00:11:11,485 --> 00:11:13,605
that all this stuff is
under one suite of services,
240
00:11:14,305 --> 00:11:15,965
let me have a singular client
241
00:11:16,105 --> 00:11:17,565
and then I can take that client
242
00:11:17,905 --> 00:11:21,445
and I can affect change in client behavior
243
00:11:21,905 --> 00:11:23,565
by pushing traffic profiles
244
00:11:23,585 --> 00:11:27,445
so I can have a traffic
profile from Microsoft 365,
245
00:11:28,005 --> 00:11:29,405
I can have a traffic profile
246
00:11:29,545 --> 00:11:31,965
for my internal applications,
that kind of thing.
247
00:11:32,225 --> 00:11:35,405
And then it all passes
through that one agent,
248
00:11:35,955 --> 00:11:37,285
that VPN connection, right?
249
00:11:37,285 --> 00:11:38,845
Which is giving you a tunnel back to
250
00:11:39,385 --> 00:11:41,125
what's effectively the Microsoft wan.
251
00:11:41,465 --> 00:11:44,125
So this is another like
kind of thing, right?
252
00:11:44,125 --> 00:11:46,165
As as when I talk about like limitations
253
00:11:46,165 --> 00:11:48,005
of the old stuff versus the new stuff,
254
00:11:48,345 --> 00:11:50,725
now you're given connectivity
just straight up back
255
00:11:50,725 --> 00:11:52,885
to the MS WAN, which
is really interesting
256
00:11:52,965 --> 00:11:56,445
because Microsoft, for folks
who go out and look at the side
257
00:11:56,705 --> 00:12:00,685
or like their networking
geeks has a massive WAN like
258
00:12:00,795 --> 00:12:03,845
massive network, tons of dark fiber.
259
00:12:04,465 --> 00:12:06,965
If you think about the
way like Azure regions
260
00:12:06,985 --> 00:12:10,165
and Microsoft 365 regions
are all connected together.
261
00:12:10,515 --> 00:12:12,245
Like there's a ton of bandwidth
262
00:12:12,245 --> 00:12:14,805
and a ton of capabilities
there just within the core
263
00:12:14,805 --> 00:12:18,445
network, let alone all the
segments for that network
264
00:12:18,585 --> 00:12:23,205
and where they push out to,
especially on the edge with PoPs
265
00:12:23,205 --> 00:12:24,245
and and things like that.
266
00:12:24,625 --> 00:12:27,525
So you're basically
talking about like a VPN
267
00:12:27,865 --> 00:12:30,205
that's smart enough to locally route
268
00:12:30,345 --> 00:12:34,805
to the closest edge site. And
an edge site could be a region,
269
00:12:35,105 --> 00:12:37,565
it could be a PoP, but you're looking at
270
00:12:38,265 --> 00:12:41,725
all up 140 ish regions.
271
00:12:42,145 --> 00:12:45,125
So that lets you know that it's
more than just Azure, right?
272
00:12:45,125 --> 00:12:46,925
Because Azure has give or take
273
00:12:47,255 --> 00:12:48,445
- 60 ish, right?
274
00:12:48,685 --> 00:12:49,965
- I can never remember the exact number
275
00:12:49,965 --> 00:12:51,965
because there's all sorts of like canaries
276
00:12:52,025 --> 00:12:53,645
and EUAPs and things like that.
277
00:12:53,995 --> 00:12:56,005
Yeah, it's on the order of 60 ish, 60
278
00:12:56,065 --> 00:12:57,365
to 70, something like that.
279
00:12:58,145 --> 00:13:01,765
But way more regions
here plus all the PoPs
280
00:13:01,765 --> 00:13:05,285
that exist out there or all
the edge sites for that wan.
281
00:13:05,345 --> 00:13:10,165
So 140 plus regions,
190 plus PoPs all ready
282
00:13:10,185 --> 00:13:12,045
to go kind of sitting there.
283
00:13:12,185 --> 00:13:15,605
So hopefully, and from
what I've seen of this uh
284
00:13:15,705 --> 00:13:18,205
and experienced with it,
like the knock on effects
285
00:13:18,265 --> 00:13:20,125
of things like client latency,
286
00:13:20,475 --> 00:13:24,085
they're vastly diminished
in this solution versus
287
00:13:24,275 --> 00:13:27,765
what I used to encounter
in the CASB world.
288
00:13:28,345 --> 00:13:32,525
But the cool thing is even
for app proxy connections,
289
00:13:32,525 --> 00:13:36,045
things like that because
now you have the VPN tunnel
290
00:13:36,045 --> 00:13:37,765
between your client and that edge site
291
00:13:38,035 --> 00:13:39,325
that can broker everything up.
292
00:13:39,345 --> 00:13:41,485
It can pass it through
the WAN for evaluation
293
00:13:41,945 --> 00:13:44,325
by being passed through
the WAN for evaluation.
294
00:13:44,705 --> 00:13:46,725
And this is where I was saying
that graphic maybe it wasn't
295
00:13:46,725 --> 00:13:48,485
the greatest thing 'cause
really you wanted like there
296
00:13:48,485 --> 00:13:50,845
wanted there to be like a big
circle around the whole thing.
297
00:13:50,845 --> 00:13:53,205
Yep. Which included stuff
like conditional access in it.
298
00:13:53,425 --> 00:13:54,845
So hey, how, how do I take
299
00:13:54,845 --> 00:13:58,285
and put conditional access in
front of an on-premises app?
300
00:13:58,395 --> 00:14:00,925
Have you been able to do
that in the past? Absolutely.
301
00:14:01,545 --> 00:14:03,125
Did it require additional functionality
302
00:14:03,265 --> 00:14:05,205
and was it rolled up
into a singular solution?
303
00:14:05,945 --> 00:14:07,045
No, not so much, right?
304
00:14:07,045 --> 00:14:08,725
That that, that was the friction
305
00:14:08,725 --> 00:14:10,005
and things that came along with it.
306
00:14:10,345 --> 00:14:13,565
You're picking that piece up here.
307
00:14:14,355 --> 00:14:17,845
This new client effectively
gives you VPN plus a traffic
308
00:14:17,865 --> 00:14:20,605
filter that can monitor both for internal
309
00:14:20,605 --> 00:14:23,525
and external bound traffic based on
310
00:14:23,605 --> 00:14:25,125
profiles that you can configure.
311
00:14:25,505 --> 00:14:27,965
And then based on the
destination of that traffic,
312
00:14:28,155 --> 00:14:31,045
then you get all the other
operational things on top of it
313
00:14:31,045 --> 00:14:33,565
that you might want like
identity and conditional access.
314
00:14:33,715 --> 00:14:35,085
- This is where like when you go in
315
00:14:35,085 --> 00:14:38,085
and do some of those profiles,
we were looking at this
316
00:14:38,625 --> 00:14:40,645
the other day, now I'm
gonna have to remember
317
00:14:40,645 --> 00:14:42,725
where all my profile settings are.
318
00:14:43,105 --> 00:14:44,685
You do have those different profiles
319
00:14:44,745 --> 00:14:46,805
so you can go create those profiles
320
00:14:46,805 --> 00:14:48,005
for your internet traffic and
321
00:14:48,005 --> 00:14:49,645
for your Microsoft 365 traffic.
322
00:14:49,785 --> 00:14:52,925
And one of the interesting
things that I saw
323
00:14:53,505 --> 00:14:54,885
in here when you're going
324
00:14:54,905 --> 00:14:57,845
and setting up some of
those profiles is that
325
00:14:58,625 --> 00:15:01,365
it starts giving you some
additional functionality
326
00:15:01,505 --> 00:15:05,125
and now I'm losing all my
connectors, traffic forwarding.
327
00:15:05,245 --> 00:15:06,805
I think that's where my profiles are. Yes.
328
00:15:07,155 --> 00:15:10,565
Like you can go into your
Microsoft 365 profile
329
00:15:10,985 --> 00:15:14,005
and set up different
policies within it too
330
00:15:14,275 --> 00:15:15,525
that let you go in
331
00:15:15,905 --> 00:15:20,045
and set up like what
Exchange traffic is going.
332
00:15:20,105 --> 00:15:23,485
It gives you all the fully
qualified domain names,
333
00:15:23,485 --> 00:15:27,045
the IP subnets of your
Outlook traffic and SharePoint
334
00:15:27,065 --> 00:15:29,565
and OneDrive and some of your
common office applications.
335
00:15:29,905 --> 00:15:31,405
But this is also now
336
00:15:31,405 --> 00:15:35,645
because of running through
this VPN, there's options
337
00:15:35,865 --> 00:15:37,005
to even go in
338
00:15:37,005 --> 00:15:41,245
and enable a lot more logging
of your Microsoft 365 traffic.
339
00:15:41,345 --> 00:15:44,565
And this is one thing that's
still slowly rolling out
340
00:15:44,565 --> 00:15:47,445
where you can go in and
get like enhanced logging
341
00:15:47,505 --> 00:15:49,565
and we've talked about some of
the logs that are available.
342
00:15:49,875 --> 00:15:51,765
It's 'cause you enhanced
logging I think of Exchange
343
00:15:51,765 --> 00:15:54,085
and SharePoint; like, Teams is still coming.
344
00:15:54,345 --> 00:15:55,365
I'd imagine there's a bunch
345
00:15:55,365 --> 00:15:57,485
of other stuff still coming as well.
346
00:15:58,025 --> 00:15:59,805
And then for internet access
347
00:16:00,505 --> 00:16:02,565
web content filtering has been there
348
00:16:02,665 --> 00:16:04,805
for a while in Microsoft 365
349
00:16:04,825 --> 00:16:07,045
and this is another one
that gets rolled in.
350
00:16:07,065 --> 00:16:10,525
But now with your internet
access profile, you can go into
351
00:16:10,525 --> 00:16:13,125
and do things like web
content filtering policies
352
00:16:13,215 --> 00:16:15,165
where if you wanna go in
353
00:16:15,425 --> 00:16:19,205
and create a policy to
block certain websites
354
00:16:19,385 --> 00:16:23,765
or to block different
categories of websites
355
00:16:24,385 --> 00:16:28,165
you can go, it brings in
that web traffic filtering
356
00:16:28,165 --> 00:16:31,165
that you, it's buried down within defender
357
00:16:31,805 --> 00:16:33,005
I think in the security center.
358
00:16:33,385 --> 00:16:34,885
But it brings that into here too.
359
00:16:34,945 --> 00:16:37,405
So you can go start
filtering that web content.
360
00:16:37,625 --> 00:16:40,005
And this is another one
I've had clients ask about,
361
00:16:40,095 --> 00:16:42,765
especially over the last few years when
362
00:16:42,765 --> 00:16:44,005
everybody's starting to work remotely.
363
00:16:44,485 --> 00:16:46,565
A lot of this used to be done
at the firewall level, right?
364
00:16:46,565 --> 00:16:50,605
People would have devices,
DNS, custom DNS, all kinds
365
00:16:50,605 --> 00:16:51,845
of things to filter traffic.
366
00:16:51,985 --> 00:16:53,245
If you were internal to the network
367
00:16:53,515 --> 00:16:55,885
with everybody working from home three
368
00:16:55,885 --> 00:16:58,565
or four years ago, the number
of calls I had about help,
369
00:16:58,565 --> 00:17:00,845
we overloaded our VPN
370
00:17:00,915 --> 00:17:03,765
because we're still requiring
everybody to go to VPN
371
00:17:03,905 --> 00:17:05,405
for some of this functionality
372
00:17:05,745 --> 00:17:08,565
and it just couldn't support
6,000 people all working from
373
00:17:08,565 --> 00:17:09,565
home over VPN.
374
00:17:09,955 --> 00:17:11,845
This goes in and takes
care of a lot of that
375
00:17:11,845 --> 00:17:14,485
because now instead of to
your point Scott, instead
376
00:17:14,485 --> 00:17:16,445
of relying on your VPN
377
00:17:16,585 --> 00:17:21,085
or your teeny tiny WAN
setup, respective to
378
00:17:21,085 --> 00:17:24,285
what Microsoft's network
is, you can get a lot of
379
00:17:24,285 --> 00:17:27,885
that performance without
having to rely on premises VPNs
380
00:17:27,885 --> 00:17:30,085
or on premises networks to do a lot
381
00:17:30,085 --> 00:17:33,885
of this web content filtering,
advanced logging, all of
382
00:17:33,885 --> 00:17:36,245
that is a lot of that type
of functionality begins
383
00:17:36,245 --> 00:17:40,125
to roll out and come to this
global secure access. The
384
00:17:40,125 --> 00:17:43,205
- Scale component is
interesting that call out to
385
00:17:43,765 --> 00:17:45,325
140 plus regions
386
00:17:45,825 --> 00:17:49,285
and 190 edge sites,
387
00:17:49,505 --> 00:17:52,085
that's not just about
things like client latency,
388
00:17:52,515 --> 00:17:55,925
it's also about capacity
of the Microsoft WAN in,
389
00:17:56,605 --> 00:17:59,085
I don't know many folks
who are running, running
390
00:17:59,085 --> 00:18:01,605
around even in their local environments
391
00:18:02,115 --> 00:18:04,885
with petabytes per second of capacity.
392
00:18:05,325 --> 00:18:07,405
Right? Like
we're not talking gigabits a
393
00:18:07,405 --> 00:18:09,165
second here, we're not
talking megabits a second,
394
00:18:09,335 --> 00:18:13,165
we're talking like petabit
scale like petabits a second
395
00:18:13,945 --> 00:18:15,965
and the contention issues
396
00:18:16,065 --> 00:18:17,965
and all the other things
that can come into play there
397
00:18:18,865 --> 00:18:20,805
do go away, right?
398
00:18:20,805 --> 00:18:23,445
Like your constraint effectively
becomes like the client
399
00:18:23,545 --> 00:18:25,125
and does my client have internet access?
400
00:18:25,125 --> 00:18:26,565
And that's a problem that you've had
401
00:18:26,565 --> 00:18:28,205
to solve the entire way along anyway.
402
00:18:28,425 --> 00:18:31,885
So that constraint really
hasn't moved around for you
403
00:18:32,505 --> 00:18:33,525
in a meaningful way.
404
00:18:33,675 --> 00:18:35,565
Some of this stuff's a little
weird to be honest with you.
405
00:18:35,965 --> 00:18:40,885
I don't understand why
log enrichment is tied to
406
00:18:41,515 --> 00:18:44,965
this client because if
you look at the logs
407
00:18:45,185 --> 00:18:49,285
and what event enrichment
actually means,
408
00:18:49,755 --> 00:18:53,165
it's things for SharePoint
online having an event
409
00:18:53,305 --> 00:18:55,365
for say SharePoint for file deleted,
410
00:18:55,625 --> 00:18:57,805
you should already have a
file deleted event for Teams.
411
00:18:57,955 --> 00:18:59,965
It's about having app
installed for Exchange.
412
00:19:00,035 --> 00:19:03,965
It's about new inbox rule,
new transport rule things.
413
00:19:04,275 --> 00:19:05,885
There's no magic sauce there
414
00:19:05,885 --> 00:19:08,285
that couldn't be enabled
in the SaaS service anyway.
415
00:19:08,285 --> 00:19:10,405
Like it's a weird
gatekeeping kind of thing
416
00:19:10,465 --> 00:19:11,765
to me. But I don't know,
417
00:19:11,885 --> 00:19:14,325
- I want to go in and look
at more. I encountered,
418
00:19:14,635 --> 00:19:16,925
this is another episode. They
419
00:19:16,925 --> 00:19:19,205
- Published the schema
for what they enrich
420
00:19:19,305 --> 00:19:20,845
and watch what they push out there.
421
00:19:21,705 --> 00:19:25,845
And if you look at the
enrichment schema, it's,
422
00:19:26,065 --> 00:19:27,065
- Oh look at
- This.
423
00:19:27,115 --> 00:19:28,565
It's not a very special thing.
424
00:19:28,755 --> 00:19:30,165
Like, like you, you will not be
425
00:19:30,325 --> 00:19:31,525
enthralled when you see that list.
426
00:19:35,465 --> 00:19:37,005
- Do you feel overwhelmed by trying
427
00:19:37,005 --> 00:19:39,125
to manage your Office 365 environment?
428
00:19:39,265 --> 00:19:41,285
Are you facing unexpected issues
429
00:19:41,285 --> 00:19:43,125
that disrupt your company's productivity?
430
00:19:43,155 --> 00:19:45,965
Intelligink is here to help.
Much like you take your car
431
00:19:45,965 --> 00:19:48,645
to the mechanic that has
specialized knowledge on how
432
00:19:48,645 --> 00:19:51,365
to best keep your car
running, Intelligink helps you
433
00:19:51,365 --> 00:19:53,085
with your Microsoft cloud environment
434
00:19:53,085 --> 00:19:54,525
because that's their expertise.
435
00:19:54,635 --> 00:19:55,965
Intelligink keeps up
436
00:19:55,965 --> 00:19:58,165
with the latest updates
in the Microsoft cloud
437
00:19:58,185 --> 00:19:59,685
to help keep your business running
438
00:20:00,045 --> 00:20:01,205
smoothly and ahead of the curve.
439
00:20:01,275 --> 00:20:03,165
Whether you are a small organization
440
00:20:03,165 --> 00:20:05,645
with just a few users
up to an organization
441
00:20:05,645 --> 00:20:08,925
of several thousand employees,
they want to partner with you
442
00:20:08,945 --> 00:20:12,325
to implement and administer
your Microsoft Cloud technology,
443
00:20:12,775 --> 00:20:16,285
visit them at intelligink.com/podcast.
444
00:20:16,745 --> 00:20:21,245
That's I-N-T-E-L-L-I-G-I-N-
445
00:20:21,325 --> 00:20:24,925
K.com/podcast for more information
446
00:20:24,985 --> 00:20:26,565
or to schedule a 30 minute call
447
00:20:26,585 --> 00:20:27,925
to get started with them today.
448
00:20:28,765 --> 00:20:31,325
Remember, Intelligink focuses
on the Microsoft cloud
449
00:20:31,425 --> 00:20:33,125
so you can focus on your business.
450
00:20:35,825 --> 00:20:38,405
So I'm wondering though
Scott, like looking
451
00:20:38,405 --> 00:20:40,765
through this like you said
for SharePoint, for OneDrive,
452
00:20:40,765 --> 00:20:43,405
file deleted, file
downloaded, file recycled,
453
00:20:44,055 --> 00:20:45,965
those are absolutely already logged.
454
00:20:46,315 --> 00:20:48,085
Does this somehow give you,
455
00:20:48,345 --> 00:20:49,885
and this article doesn't have it,
456
00:20:50,065 --> 00:20:52,045
- Why would it be
documented and tell you that
457
00:20:52,595 --> 00:20:53,595
- Idea?
458
00:20:53,595 --> 00:20:53,805
Oh lemme talk about documentation,
459
00:20:53,905 --> 00:20:55,045
how I feel about it right now.
460
00:20:55,315 --> 00:20:58,885
Does it give you additional
details about it from the
461
00:20:58,885 --> 00:21:01,325
perspective of a new inbox
rule is created right now.
462
00:21:01,325 --> 00:21:03,365
You can see the endpoint
that it's created from.
463
00:21:03,815 --> 00:21:05,005
Maybe you can see the client,
464
00:21:05,585 --> 00:21:09,725
but does it give you not so
much, these are new activities
465
00:21:09,725 --> 00:21:13,525
that are logged but it's
additional information about these
466
00:21:13,735 --> 00:21:16,405
activities that they're able to log
467
00:21:16,405 --> 00:21:19,045
because it's watching the network traffic.
468
00:21:19,325 --> 00:21:20,725
I don't, again, it doesn't say
469
00:21:20,725 --> 00:21:22,685
because to your point, why
would it be documented?
470
00:21:22,905 --> 00:21:26,405
But it talks about enrichment
of these logs, not necessarily
471
00:21:27,225 --> 00:21:29,445
new logging activities.
472
00:21:29,925 --> 00:21:32,605
I wonder what are those additional details
473
00:21:33,275 --> 00:21:37,085
that you're getting when these
are enriched, when these logs
474
00:21:37,085 --> 00:21:38,845
or these operations are enriched
475
00:21:38,845 --> 00:21:40,805
with data from global secure access. If
476
00:21:40,825 --> 00:21:42,925
- I'm remembering right, it's
been a hot minute since I looked,
477
00:21:43,105 --> 00:21:44,765
so yeah it is additional details
478
00:21:45,415 --> 00:21:47,245
about the clients and things like that.
479
00:21:47,835 --> 00:21:52,325
It's also a little weird
the way you pump these out
480
00:21:53,025 --> 00:21:54,965
and this has been a moving
target as they shift
481
00:21:54,965 --> 00:21:57,325
around the way audit logs in general are,
482
00:21:57,325 --> 00:21:59,085
are manifested within the admin center.
483
00:21:59,705 --> 00:22:02,085
But this brings it under the same banner
484
00:22:02,745 --> 00:22:05,725
as things like your regular
audit logs sign-in logs,
485
00:22:05,725 --> 00:22:08,885
things like that where you can
pump it out to log analytics
486
00:22:09,065 --> 00:22:10,485
or send it to event hubs
487
00:22:10,825 --> 00:22:14,085
and very much like the
Azure-ish diagnostic
488
00:22:14,085 --> 00:22:15,405
setting kind of thing.
489
00:22:15,405 --> 00:22:17,765
If you think about like
configuring a diagnostic setting,
490
00:22:17,875 --> 00:22:19,605
it's also a little bit weird
491
00:22:20,345 --> 00:22:22,205
and I haven't had a chance to play around
492
00:22:22,205 --> 00:22:23,245
with it in a mixed environment.
493
00:22:23,745 --> 00:22:26,685
But if you go and configure this
494
00:22:27,105 --> 00:22:31,045
and look to light it up, so
if you went into your tenancy,
495
00:22:31,305 --> 00:22:33,285
you should see this within your tenant,
496
00:22:33,905 --> 00:22:37,125
you should have diagnostic
logs someplace in there. I
497
00:22:37,125 --> 00:22:38,125
- Don't see it.
498
00:22:38,125 --> 00:22:40,165
Dashboards see and this is,
499
00:22:40,475 --> 00:22:41,475
- It's under identity.
500
00:22:41,665 --> 00:22:44,085
So go under the identity admin center.
501
00:22:44,435 --> 00:22:45,765
It's like monitoring and health
502
00:22:46,315 --> 00:22:47,845
diagnostics, something like that.
503
00:22:48,305 --> 00:22:52,525
- Uh, monitoring and
health diagnostic settings.
504
00:22:52,875 --> 00:22:55,045
- This looks a lot like
Azure all of a sudden
505
00:22:55,385 --> 00:22:56,385
- It is.
506
00:22:56,385 --> 00:22:58,485
I mean this is your
diagnostic logs from Yep,
507
00:22:58,875 --> 00:23:02,085
this looks like diagnostic logs
508
00:23:02,795 --> 00:23:04,485
essentially Diagnostic sign-in
509
00:23:04,595 --> 00:23:05,605
- Logs, that's Sentinel.
510
00:23:05,605 --> 00:23:08,125
Yep. So go ahead and click
add diagnostic setting there.
511
00:23:08,345 --> 00:23:10,165
So in this experience
now you have your audit
512
00:23:10,235 --> 00:23:11,285
logs, you have your sign-in logs.
513
00:23:11,465 --> 00:23:14,205
If you scroll down towards
the bottom you have a separate
514
00:23:14,505 --> 00:23:18,005
log category for the enriched logs.
515
00:23:18,075 --> 00:23:20,925
Yeah. So with this kind of flexibility,
516
00:23:21,195 --> 00:23:23,565
like you could even do things
like maybe take your enriched
517
00:23:23,715 --> 00:23:25,525
logs versus your sign-in logs
518
00:23:25,525 --> 00:23:28,765
and send those off to different
log analytics workspaces.
519
00:23:28,765 --> 00:23:31,445
Maybe you wanna evaluate in
another one in another place
520
00:23:31,445 --> 00:23:32,965
like Splunk or something like that.
521
00:23:33,025 --> 00:23:35,285
Hey, I'm gonna send my
sign-in logs over here
522
00:23:35,305 --> 00:23:37,765
to this event hub and eventually
route 'em through to Splunk
523
00:23:37,765 --> 00:23:38,925
with my custom connector.
524
00:23:39,505 --> 00:23:42,805
I'm going to pump my enriched logs over
525
00:23:42,805 --> 00:23:44,325
to this log analytics workspace.
526
00:23:44,745 --> 00:23:47,405
I'm gonna send these things
over to a storage account just
527
00:23:47,405 --> 00:23:49,725
for archiving whatever it happens to be.
528
00:23:50,265 --> 00:23:52,525
You can do all those on that side.
529
00:23:52,845 --> 00:23:55,405
I don't know, diagnostics in M365
530
00:23:55,725 --> 00:23:56,765
continue to be confusing to me.
531
00:23:56,925 --> 00:23:58,805
I don't understand why they're gatekept
532
00:23:58,805 --> 00:24:00,165
behind additional licensing
533
00:24:00,165 --> 00:24:01,725
and additional features and functionality.
534
00:24:02,075 --> 00:24:03,605
Frankly, observability
535
00:24:03,745 --> 00:24:05,685
and logging should be free , right?
536
00:24:05,755 --> 00:24:08,605
Like I get it costs money
to store text someplace,
537
00:24:09,465 --> 00:24:12,285
but folks should
figure that out, right?
538
00:24:12,425 --> 00:24:14,525
If it's a, if it's a true
value add thing, okay,
539
00:24:14,525 --> 00:24:15,565
if it's got enriched in it
540
00:24:15,565 --> 00:24:16,645
and it actually enriches the
541
00:24:16,645 --> 00:24:18,245
experience, sure give that to me.
542
00:24:18,245 --> 00:24:20,245
But if it's out of the
box, like just give it
543
00:24:20,245 --> 00:24:21,485
to me out of the box, right?
544
00:24:21,545 --> 00:24:23,365
It should be there for me ready to go.
545
00:24:23,605 --> 00:24:26,045
- I have a whole nother topic
we could talk about on another
546
00:24:26,045 --> 00:24:28,205
podcast around this that
came up with a client
547
00:24:28,385 --> 00:24:30,725
around auditing exchange activities.
548
00:24:30,995 --> 00:24:33,565
This one was fascinating
that I did not realize,
549
00:24:33,985 --> 00:24:36,325
but it's absolutely going
down a different rabbit hole
550
00:24:36,395 --> 00:24:37,645
that has nothing to do with global
551
00:24:37,665 --> 00:24:38,665
- Secure access.
552
00:24:38,665 --> 00:24:39,485
Write that down. All
right, we'll take a note,
553
00:24:39,485 --> 00:24:40,765
we'll take a note on that,
put that in the parking
554
00:24:40,785 --> 00:24:42,445
lot, we'll come back to it later.
555
00:24:42,665 --> 00:24:44,405
So anyways, so these clients, right?
556
00:24:44,705 --> 00:24:47,005
It is an application that gets installed
557
00:24:47,235 --> 00:24:50,205
that effectively deploys its
capability to do a VPN tunnel.
558
00:24:50,385 --> 00:24:53,005
It is Windows and Android only today.
559
00:24:53,265 --> 00:24:57,005
So all this stuff's in preview
like moving target preview is
560
00:24:57,005 --> 00:24:58,365
not production, blah blah blah.
561
00:24:58,545 --> 00:25:00,125
All that good stuff. For disclaimers,
562
00:25:00,765 --> 00:25:02,845
I think Windows clients are
probably the most interesting,
563
00:25:03,065 --> 00:25:06,125
the most turnkey for
M365 subscribers, right?
564
00:25:06,125 --> 00:25:09,125
Who are probably deploying
things like Office onto their
565
00:25:09,125 --> 00:25:12,525
desktops and wanting to
track and monitor all that.
566
00:25:13,065 --> 00:25:16,405
So Windows, Windows clients, 64-bit only.
567
00:25:16,905 --> 00:25:20,965
If you're operating in a mode with,
568
00:25:21,345 --> 00:25:23,765
you've got mixed mode like Entra joined,
569
00:25:23,765 --> 00:25:24,845
hybrid joined devices,
570
00:25:25,445 --> 00:25:26,925
registered devices, all
those kinds of things.
571
00:25:27,725 --> 00:25:30,485
Registered devices don't
qualify today for that.
572
00:25:31,025 --> 00:25:34,365
And the deployment of the client requires
573
00:25:35,015 --> 00:25:38,805
Entra ID P1, which is another
important one to call out.
574
00:25:39,065 --> 00:25:40,645
So there is, it's not just hey
575
00:25:40,645 --> 00:25:41,845
like I need to deploy the client.
576
00:25:42,155 --> 00:25:43,765
Cool thing is you can deploy the client
577
00:25:43,765 --> 00:25:46,845
through things like we
talked about Intune for
578
00:25:46,875 --> 00:25:48,165
what seems like three months
579
00:25:48,665 --> 00:25:50,965
and in one of those Intune
reviews that we did,
580
00:25:51,105 --> 00:25:53,365
we talked about things
like app deployments.
581
00:25:53,385 --> 00:25:56,885
So you could totally push
out this through Intune
582
00:25:57,025 --> 00:25:58,205
and have it come down
583
00:25:58,265 --> 00:26:01,845
and then it gets its configuration
based on cloud service
584
00:26:02,185 --> 00:26:03,205
and things like that.
585
00:26:03,465 --> 00:26:06,005
Fairly flexible, super easy to set up.
586
00:26:06,265 --> 00:26:08,445
Oh, one last note on setup here.
587
00:26:08,655 --> 00:26:10,285
Weird one but really not that weird.
588
00:26:10,545 --> 00:26:12,685
It requires admin access
589
00:26:12,685 --> 00:26:15,085
to install on Windows clients at least.
590
00:26:15,785 --> 00:26:17,685
And it makes sense, right?
591
00:26:17,685 --> 00:26:19,045
You're deploying a new VPN,
592
00:26:19,045 --> 00:26:21,405
you're deploying a new
network filter on top of it.
593
00:26:21,865 --> 00:26:24,725
So keep that in mind. So
client deployment is actually
594
00:26:25,335 --> 00:26:27,285
super lightweight.
595
00:26:27,645 --> 00:26:30,245
I think it's just lack of
support in places, right?
596
00:26:30,695 --> 00:26:33,805
64-bit only, doesn't support ARM64.
597
00:26:34,035 --> 00:26:35,685
- Doesn't support multi-session.
598
00:26:35,795 --> 00:26:37,085
This is another interesting one.
599
00:26:37,085 --> 00:26:39,805
If you do AVD, it
doesn't support multi-session
600
00:26:39,865 --> 00:26:42,565
and it doesn't support multiple
user sessions on the same
601
00:26:42,625 --> 00:26:44,245
device from RDP.
602
00:26:44,315 --> 00:26:46,485
- It's another limitation
that's out there.
603
00:26:46,705 --> 00:26:49,365
It does support Windows 365 dev box.
604
00:26:49,395 --> 00:26:51,085
There's no explicit callouts
605
00:26:51,085 --> 00:26:53,765
for supportive things like
dev box or anything like that.
606
00:26:54,245 --> 00:26:56,525
I imagine that it works over there.
607
00:26:57,085 --> 00:26:58,605
I, I'd have to spin up
a dev box to try it out.
608
00:26:58,605 --> 00:27:00,365
Like I, I can't think of any restriction
609
00:27:00,365 --> 00:27:03,045
that would be there other
than maybe a supportability
610
00:27:03,385 --> 00:27:04,605
but it's all preview today
611
00:27:04,705 --> 00:27:07,165
so support's gonna be a
weird one for you anyway.
612
00:27:07,225 --> 00:27:10,205
- And I'm running this like I'm
running it on my Windows 365
613
00:27:10,215 --> 00:27:13,685
Cloud PC because that's
technically a single-session AVD
614
00:27:13,865 --> 00:27:16,525
and I think dev box would fall
into that same boat. Dev box,
615
00:27:16,945 --> 00:27:19,245
for all practical purposes, is a single-
616
00:27:19,245 --> 00:27:21,445
session AVD environment.
617
00:27:21,745 --> 00:27:23,445
So it should work on those.
618
00:27:24,125 --> 00:27:26,645
I would say you mentioned
Windows and Mac or Windows
619
00:27:26,705 --> 00:27:27,845
and Android, Mac
620
00:27:27,845 --> 00:27:31,765
and iOS is coming; it is
still in private preview.
621
00:27:31,825 --> 00:27:33,725
So you have to like I imagine Mac
622
00:27:33,725 --> 00:27:36,925
and iOS, they're maybe running
into the whole test flight
623
00:27:37,195 --> 00:27:40,205
limitations when you're doing
stuff in private preview
624
00:27:40,305 --> 00:27:43,605
for those that Apple can sometimes cap
625
00:27:43,705 --> 00:27:47,445
how many people you can have
in a beta test environment.
626
00:27:47,745 --> 00:27:49,165
So those are coming,
627
00:27:49,545 --> 00:27:51,325
I'm surprised they're
still in private preview.
628
00:27:51,685 --> 00:27:52,845
I would hope they would come out soon
629
00:27:52,965 --> 00:27:56,005
'cause I want to try
it on my Mac so it is,
630
00:27:57,675 --> 00:28:00,005
yeah, like you said, the
client's super easy to deploy.
631
00:28:00,205 --> 00:28:02,845
I deployed it and then once
it's deployed you just log in
632
00:28:02,845 --> 00:28:04,285
with your M365 account.
633
00:28:04,625 --> 00:28:07,245
So I logged my account the
other day and then I went
634
00:28:07,245 --> 00:28:09,565
and logged in and like I had
global secure access popup
635
00:28:09,565 --> 00:28:10,685
and I had to go re-authenticate
636
00:28:10,795 --> 00:28:13,165
with my user account,
which I guess
637
00:28:13,165 --> 00:28:15,045
that one's an interesting one too Scott,
638
00:28:15,285 --> 00:28:17,765
because I have not tested this.
639
00:28:18,155 --> 00:28:20,445
Part of the point of
this is to monitor all
640
00:28:20,445 --> 00:28:22,645
that web traffic, but if I can sign out
641
00:28:22,645 --> 00:28:26,805
of global secure access,
can I essentially bypass it
642
00:28:27,065 --> 00:28:30,885
by signing out of my account
for global secure access
643
00:28:31,265 --> 00:28:32,645
or are there ways,
644
00:28:32,665 --> 00:28:33,965
and I haven't looked at this yet,
645
00:28:34,165 --> 00:28:37,205
to like block internet
traffic if you're signed out
646
00:28:37,385 --> 00:28:39,765
of your global secure access client,
647
00:28:39,995 --> 00:28:41,805
- I've not seen a way to block it.
648
00:28:41,965 --> 00:28:44,805
I had a very similar question.
649
00:28:45,355 --> 00:28:47,725
It's weird, it's early days for this one.
650
00:28:47,805 --> 00:28:50,525
I, I think it is definitely
one of those like preview, not
651
00:28:50,525 --> 00:28:55,005
for production but play around
with it kinds of things.
652
00:28:55,875 --> 00:28:57,645
It's a little weird.
It's a little strange.
653
00:28:58,245 --> 00:29:00,325
I do think, and the
reason we're covering it,
654
00:29:00,605 --> 00:29:02,165
I think it's worth getting hands on with
655
00:29:02,645 --> 00:29:03,645
- Absolutely.
656
00:29:03,645 --> 00:29:06,645
- It's going to be I think
a pretty turnkey capability
657
00:29:06,785 --> 00:29:08,445
for a segment to,
658
00:29:08,585 --> 00:29:11,765
or a subset of organizations
that sit out there.
659
00:29:12,315 --> 00:29:14,165
It's also another great example of hey,
660
00:29:14,175 --> 00:29:16,125
let's take the disparate pieces and parts
661
00:29:16,465 --> 00:29:19,325
and pull them together and
put them into one place.
662
00:29:19,555 --> 00:29:21,205
Like for you in your screen share.
663
00:29:21,335 --> 00:29:24,325
Let's go back to the
traffic forwarding stuff
664
00:29:24,715 --> 00:29:27,005
- That was tr not traffic logs.
665
00:29:27,075 --> 00:29:29,405
Traffic forwarding was
the connections. Yep, yep.
666
00:29:29,825 --> 00:29:32,645
- So like you take a look at that
667
00:29:33,275 --> 00:29:35,925
like you turn on your M365 profiles.
668
00:29:36,145 --> 00:29:37,685
So let's take that one as example.
669
00:29:38,065 --> 00:29:40,285
Go in and view that
one there and view my traffic.
670
00:29:40,385 --> 00:29:42,005
So you have these policies
671
00:29:42,465 --> 00:29:44,925
and the policies that you've enabled.
672
00:29:45,345 --> 00:29:46,965
So these are all canned, right?
673
00:29:46,965 --> 00:29:48,005
This was brought in just
674
00:29:48,005 --> 00:29:49,805
by saying hey, I'm gonna bring in M365.
675
00:29:50,095 --> 00:29:52,085
There was nothing you couldn't
have done here on your own
676
00:29:52,085 --> 00:29:54,165
other than Microsoft bundled
it all together for you.
677
00:29:54,165 --> 00:29:58,245
Which is nice because tracking
the IP subnets for M365
678
00:29:58,265 --> 00:30:01,005
as a service right, isn't
something you want to do uh,
679
00:30:01,305 --> 00:30:03,725
on your own, but there's a ton of
680
00:30:04,275 --> 00:30:05,805
flexibility here in the way
681
00:30:05,805 --> 00:30:08,125
that like this manifests
and comes together.
682
00:30:08,545 --> 00:30:10,605
So you could take like
SharePoint for example,
683
00:30:10,865 --> 00:30:13,285
say you wanna drive your exchange
traffic through the tunnel
684
00:30:13,545 --> 00:30:16,005
so you're set to forward now for all
685
00:30:16,005 --> 00:30:17,285
of those things over TCP.
686
00:30:17,545 --> 00:30:20,965
But if you take like your
first FQDN rule like
687
00:30:20,965 --> 00:30:22,925
*.sharepoint.com, that wildcard
688
00:30:22,925 --> 00:30:26,005
and bring down the dropdown,
you can actually bypass just
689
00:30:26,025 --> 00:30:30,685
for the FQDN, you can bypass
by IP subnet, things like that.
690
00:30:30,685 --> 00:30:33,125
So you can get like super
granular within these
691
00:30:33,465 --> 00:30:36,725
and then you have the same
set of controls for your
692
00:30:37,685 --> 00:30:40,525
internet-bound access as well, internet
693
00:30:40,585 --> 00:30:43,845
and both your internet
and your private access.
694
00:30:44,505 --> 00:30:46,885
So it's super helpful to see
like the way like Microsoft
695
00:30:47,205 --> 00:30:49,445
composed the rules for M365
696
00:30:49,985 --> 00:30:51,525
and how that stuff came together
697
00:30:51,985 --> 00:30:56,565
and then you can think about
potentially modeling that into
698
00:30:57,795 --> 00:30:58,805
your own stuff.
699
00:30:59,315 --> 00:31:01,845
There's also the ability,
if you go back yeah,
700
00:31:02,025 --> 00:31:03,485
- No though for internet, yeah.
701
00:31:03,485 --> 00:31:05,525
That they give you, so
they give you that option
702
00:31:05,525 --> 00:31:06,925
for Microsoft 365.
703
00:31:07,525 --> 00:31:09,965
I don't think, and this
is to your preview point
704
00:31:10,235 --> 00:31:11,965
that you can go in
705
00:31:12,225 --> 00:31:15,405
and tweak your internet
706
00:31:15,745 --> 00:31:17,605
access profile yet.
707
00:31:17,965 --> 00:31:20,205
I don't, this is tr security policies.
708
00:31:20,405 --> 00:31:22,445
- I wouldn't be surprised
to see it in the future.
709
00:31:23,125 --> 00:31:25,845
I imagine a lot of it
is scaling things, right?
710
00:31:26,495 --> 00:31:29,365
Let's say you might
wanna forward for,
711
00:31:30,405 --> 00:31:32,485
I don't know, pick a website
you might wanna forward
712
00:31:32,625 --> 00:31:35,445
for stuff to Reddit for evaluation
713
00:31:35,745 --> 00:31:37,845
but you might wanna
bypass for Bing, right?
714
00:31:37,845 --> 00:31:39,365
Just for your online searches.
715
00:31:39,435 --> 00:31:41,165
Like I, I think that capability will come
716
00:31:41,165 --> 00:31:42,485
and probably is the scale component.
717
00:31:43,065 --> 00:31:44,725
The other thing I should
mention with traffic forwarding,
718
00:31:44,725 --> 00:31:46,205
if you go back to traffic forwarding again
719
00:31:46,465 --> 00:31:48,685
and like the M365 one, so you've got
720
00:31:48,685 --> 00:31:51,005
that linked conditional access policies.
721
00:31:51,585 --> 00:31:56,125
So you can link conditional
access policies to each profile
722
00:31:56,225 --> 00:31:59,965
as well, which is super flexible again,
723
00:32:00,115 --> 00:32:03,325
like it's basically making a
lot of this stuff like as much
724
00:32:03,325 --> 00:32:06,165
as like conditional access
policies were next exercise,
725
00:32:06,475 --> 00:32:08,085
this is just next.
726
00:32:08,085 --> 00:32:10,765
- Yeah.
- And done it, it simplifies
727
00:32:10,765 --> 00:32:12,365
that deployment model even further.
728
00:32:12,545 --> 00:32:14,685
- Yep. And one of the things
that they've brought up,
729
00:32:14,705 --> 00:32:15,885
we haven't talked about it yet,
730
00:32:16,025 --> 00:32:18,405
we could probably talk
about this more, is you like
731
00:32:18,405 --> 00:32:20,405
with conditional access and another thing
732
00:32:20,405 --> 00:32:23,245
that Microsoft is
working towards with this
733
00:32:23,245 --> 00:32:26,245
and this can help with is, and
I've seen this come up more
734
00:32:26,265 --> 00:32:28,725
and more lately in
different things that Meryl,
735
00:32:28,725 --> 00:32:31,285
we had him on the podcast,
he created a video on it is
736
00:32:31,285 --> 00:32:32,405
token stealing, right?
737
00:32:32,475 --> 00:32:34,045
Like people creating sessions,
738
00:32:34,045 --> 00:32:35,725
you get the whole
man-in-the-middle attacks
739
00:32:35,795 --> 00:32:38,645
that are stealing session
tokens by routing all
740
00:32:38,645 --> 00:32:40,005
of your traffic this way too.
741
00:32:40,715 --> 00:32:44,565
That can, this also goes
a long ways with helping
742
00:32:44,875 --> 00:32:45,925
with token stealing
743
00:32:46,035 --> 00:32:48,725
because you're now essentially going
744
00:32:48,725 --> 00:32:51,285
through this end-to-end
encrypted tunnel from your device
745
00:32:51,475 --> 00:32:54,405
over that VPN connection
in an encrypted manner.
746
00:32:54,545 --> 00:32:57,365
And I think, I can't remember
all the conditional access
747
00:32:57,845 --> 00:33:00,925
policies where you can essentially
say if somebody's going
748
00:33:00,945 --> 00:33:04,685
to connect to my Microsoft
365 applications in those
749
00:33:04,685 --> 00:33:08,285
conditional access policies,
they are going to have to come
750
00:33:08,285 --> 00:33:11,005
through global secure access so
751
00:33:11,005 --> 00:33:14,525
that I know they're coming
into my environment in an
752
00:33:14,525 --> 00:33:16,565
encrypted manner and that traffic
753
00:33:16,705 --> 00:33:18,885
and that interaction
is gonna be secure.
754
00:33:19,125 --> 00:33:20,645
I think that's a
conditional access policy.
755
00:33:20,865 --> 00:33:22,045
I'm not a hundred percent sure,
756
00:33:22,465 --> 00:33:25,325
but that is another, I
would say benefit of this.
757
00:33:25,565 --> 00:33:27,445
'cause we talked about a lot
of the logging the profiles,
758
00:33:27,445 --> 00:33:30,405
but a, there's that security
aspect of this as well. Yeah,
759
00:33:30,445 --> 00:33:31,445
- I wanna do it as like the old,
760
00:33:31,445 --> 00:33:33,085
like Steve Jobs shtick,
761
00:33:33,085 --> 00:33:34,685
like when he introduced the iPhone,
762
00:33:35,065 --> 00:33:37,125
oh it's the internet plus video
763
00:33:37,385 --> 00:33:38,485
and, and all those kinda things.
764
00:33:38,865 --> 00:33:41,685
No, it's identity, it's
networking,
765
00:33:42,435 --> 00:33:43,645
it's, what is it?
766
00:33:44,645 --> 00:33:45,845
Identity networking.
Yeah, it's networking,
767
00:33:46,035 --> 00:33:47,365
it's endpoint access, right?
768
00:33:47,365 --> 00:33:48,805
Like you put these three things together
769
00:33:48,905 --> 00:33:52,965
and you have uh, global secure
access, which is part of this
770
00:33:53,765 --> 00:33:57,085
Security Service Edge,
SSE suite kind of thing.
771
00:33:57,625 --> 00:33:59,125
So it's a mouthful on the front.
772
00:33:59,605 --> 00:34:01,765
I would encourage folks if
you're listening to this,
773
00:34:01,915 --> 00:34:05,725
like just go like pop up in a
web browser and check it out.
774
00:34:05,725 --> 00:34:06,925
Even if you go look at the docs
775
00:34:06,925 --> 00:34:09,965
or you just browse through like
your admin center and M365.
776
00:34:10,995 --> 00:34:14,165
This is by far one of the easier like
777
00:34:14,765 --> 00:34:16,925
security solutions to configure out there.
778
00:34:17,115 --> 00:34:20,565
Like it really is
fairly self-explanatory in
779
00:34:20,565 --> 00:34:22,445
what it's trying to do
and, and what's happening
780
00:34:22,445 --> 00:34:24,605
and there's not a ton
of machination going on.
781
00:34:24,905 --> 00:34:26,445
So it's super easy to
wrap your head around
782
00:34:26,945 --> 00:34:29,805
and then once you can do that,
I think like it does like
783
00:34:30,005 --> 00:34:31,085
just bring value.
784
00:34:31,235 --> 00:34:33,405
Like it's one of those
like self-inflicting
785
00:34:33,405 --> 00:34:34,485
value kind of services.
786
00:34:34,745 --> 00:34:37,045
- Yep. And you will
encounter stuff that, yeah,
787
00:34:37,075 --> 00:34:40,165
it's preview, I think my audit
logs I go click on like audit
788
00:34:40,235 --> 00:34:42,085
logs and it says we're
hard at work developing
789
00:34:42,085 --> 00:34:43,125
this feature. Be patient
790
00:34:43,295 --> 00:34:44,565
- We'll see in the future
- .
791
00:34:44,565 --> 00:34:47,605
Yeah, there's some, it teases functionality
792
00:34:47,605 --> 00:34:49,485
because the menu items are there
793
00:34:49,705 --> 00:34:51,485
and as you click through it you'll get,
794
00:34:51,785 --> 00:34:53,005
oh we're still developing this
795
00:34:53,025 --> 00:34:54,165
or we're still developing that.
796
00:34:54,425 --> 00:34:56,965
But to your point, it's
absolutely worth playing with.
797
00:34:57,565 --> 00:35:00,005
Clicking on a few of the check
boxes, some of the profiles
798
00:35:00,545 --> 00:35:04,365
set up a couple of your test
clients to route traffic
799
00:35:04,365 --> 00:35:06,205
through it and it's fascinating.
800
00:35:06,515 --> 00:35:08,805
Traffic logs is one thing that is there.
801
00:35:09,195 --> 00:35:11,245
This does not go through
my production machine,
802
00:35:11,345 --> 00:35:14,845
but it has 28,000 connections and seven
803
00:35:14,865 --> 00:35:17,005
and a half thousand accesses
804
00:35:17,005 --> 00:35:20,765
to Microsoft 365, 20,000 times
I've accessed the internet.
805
00:35:20,945 --> 00:35:24,645
And it gives you like even
endpoints within Microsoft
806
00:35:24,715 --> 00:35:27,165
that you're connecting to
where I can see connections
807
00:35:27,165 --> 00:35:31,405
to East US or to like edge.microsoft.com.
808
00:35:32,115 --> 00:35:34,005
It's interesting to
just go look through it.
809
00:35:34,005 --> 00:35:36,685
Here's a Grammarly, where
I connected to a Grammarly
810
00:35:37,285 --> 00:35:39,725
endpoint from my Windows device.
811
00:35:39,905 --> 00:35:42,565
So it's absolutely
worth turning this on
812
00:35:42,565 --> 00:35:44,405
and starting to play with
it for certain clients
813
00:35:44,505 --> 00:35:45,925
and see if it's something that,
814
00:35:46,515 --> 00:35:47,765
it's something I would keep an eye on
815
00:35:47,765 --> 00:35:50,165
and really consider rolling
out in certain cases
816
00:35:50,545 --> 00:35:52,045
as it comes outta preview for sure.
817
00:35:52,345 --> 00:35:54,645
- So I think that takes us
through our whirlwind tour
818
00:35:55,345 --> 00:36:00,165
of Global Secure Access coming
to an M365, no, coming
819
00:36:00,165 --> 00:36:02,725
to an Entra ID tenant near you.
820
00:36:03,165 --> 00:36:05,245
- . Yeah. 'cause I guess
technically you don't need
821
00:36:05,245 --> 00:36:07,845
to do M365 if you're just
doing Entra and Azure.
822
00:36:08,105 --> 00:36:11,005
You could go get Entra
ID premium plan one
823
00:36:11,005 --> 00:36:12,485
and use this for, if
824
00:36:12,485 --> 00:36:15,965
- You're just doing Entra
as an identity store
825
00:36:16,145 --> 00:36:18,445
and AWS you could do this, right?
826
00:36:19,365 --> 00:36:20,365
I I I think it's about
827
00:36:20,365 --> 00:36:23,685
where you find the value
in it without having
828
00:36:23,705 --> 00:36:26,605
to be a wholesale consumer
of all Microsoft Services.
829
00:36:27,195 --> 00:36:31,045
That being said, if you're
doing M365, this is a kind
830
00:36:31,045 --> 00:36:34,605
of like a big natural fit
kind of thing, especially
831
00:36:35,025 --> 00:36:36,405
for those customers who,
832
00:36:36,945 --> 00:36:38,325
and I imagine this is still the case.
833
00:36:38,325 --> 00:36:40,965
This used to be the case
when I was doing a lot
834
00:36:40,965 --> 00:36:43,285
of Office 365 and M365
835
00:36:43,385 --> 00:36:45,245
and customer deployments
in my consulting days.
836
00:36:45,715 --> 00:36:48,245
Everybody wanted a private
version of SharePoint online.
837
00:36:48,345 --> 00:36:51,645
Yep. . So this kind of
gives you that click stop and,
838
00:36:51,645 --> 00:36:54,525
and that next FU piece of
like warm fuzzies about
839
00:36:55,035 --> 00:36:58,325
your connectivity for your
organization and your clients
840
00:36:58,985 --> 00:37:00,885
and there's a whole lot of what's in it
841
00:37:00,885 --> 00:37:02,685
for me there versus what's in it
842
00:37:02,685 --> 00:37:04,245
for Microsoft, which is nice to see.
843
00:37:04,245 --> 00:37:05,925
Yeah, it really does
further that. Alright,
844
00:37:05,985 --> 00:37:06,985
- Thanks Scott.
845
00:37:06,985 --> 00:37:09,045
That was a good one. Yeah,
now it is time for the weekend
846
00:37:09,575 --> 00:37:11,125
after a couple more meetings.
847
00:37:11,765 --> 00:37:15,285
- . It's
getting there slowly but
848
00:37:15,285 --> 00:37:16,565
- Surely we'll get there eventually.
849
00:37:16,765 --> 00:37:20,605
- I got two more to go and
then it's off for Margaritas
850
00:37:20,605 --> 00:37:23,805
and CES tonight, so I'm looking
forward to that. All right,
851
00:37:23,945 --> 00:37:25,125
- Go enjoy your weekend
852
00:37:25,585 --> 00:37:27,125
and we will talk to you again soon. All
853
00:37:27,125 --> 00:37:28,125
- Right, thanks Ben.
854
00:37:28,125 --> 00:37:31,725
- Thanks Scott. If you
enjoyed the podcast,
855
00:37:32,265 --> 00:37:34,325
go leave us a five star rating in iTunes.
856
00:37:34,505 --> 00:37:35,845
It helps to get the word out
857
00:37:35,865 --> 00:37:39,405
so more IT pros can learn
about Office 365 and Azure.
858
00:37:40,145 --> 00:37:42,525
If you have any questions you
want us to address on the show
859
00:37:42,585 --> 00:37:45,085
or feedback about the show, feel free
860
00:37:45,085 --> 00:37:48,365
to reach out via our website,
Twitter, or Facebook.
861
00:37:48,665 --> 00:37:50,765
Thanks again for listening
and have a great day.