Getting started with the Global Secure Access client for Windows

This first week is all about the Global Secure Access client for Windows. Global Secure Access is the Security Service Edge (SSE) solution of Microsoft. Gartner defines SSE as a solution that secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where that application is hosted. Within Global Secure Access, Microsoft introduced the (Microsoft Entra) Internet Access and (Microsoft Entra) Private Access products to provide that functionality. Of these products Internet Access is focused on secured access to Microsoft 365, SaaS, and public apps, while Private Access is focused on secured access to private or internal resources. The Global Secure Access client can be used to connect to the Global …


Working with web sign-in on Windows 11

This week is a bit of a follow-up on a post from about two years ago and is mainly focussed on creating some awareness. That post was specifically about enabling web sign-in to Windows for usage with Temporary Access Pass. That web sign-in functionality provides a web-based sign-in experience on Microsoft Entra joined devices. At that time, that web-based sign-in experience was limited to Temporary Access Pass (TAP). Starting with Windows 11 version 22H2 with KB5030310 and later, that has changed. The supported scenarios and capabilities of web sign-in are now expanded. Besides TAP, it can now also be used for a passwordless sign-in experience with the Microsoft Authenticator app, a seamless Windows Hello for Business PIN reset experience, and even a federated identity with …


Deploying and configuring the Azure VPN Client app on Windows devices

This week is all about deploying and configuring the Azure VPN Client app on Windows devices. The Azure VPN Client app can be used to connect to any Azure VPN gateway. That provides access to specific Azure virtual networks, even when working from a remote location. That can be useful in many different situations. The great part is that, nowadays, the Azure VPN Client app can be deployed and configured by using Microsoft Intune. At least, when using Microsoft Entra ID for authentication. In that case, it’s possible to make it all automatically available to the user. The only action left for the user is to authenticate. To achieve that, there are a few specific configurations required. This post will walk through the main configurations regarding the …


Configuring Windows Hello for Business cloud Kerberos trust

This week is all about Windows Hello for Business. More specifically, about Windows Hello for Business cloud Kerberos trust. Not something really new, but definitely something that should be part of the default toolset. Hopefully familiar nowadays, Windows Hello for Business can be used to replace password sign-in with strong authentication on Windows. On top of that, Windows Hello for Business cloud Kerberos trust brings a simplified deployment experience for hybrid authentication with Windows Hello for Business. To provide that functionality, it relies on Microsoft Entra Kerberos for requesting Kerberos ticket-granting tickets (TGTs). And those TGTs can then be used for on-premises authentication. A big difference with other deployment models is the simplicity. No dependency on a public key infrastructure (PKI) and no need to synchronize …
