Microsoft Entra Private Access Step by Step Tutorial and Demo using Zero Trust

In this video we give a step-by-step guide, deep dive and demo on Microsoft Entra Private Access and how to configure and implement this solution. Entra Private Access is currently in public preview; with it we can secure access to all private apps, resources and protocols from endpoints using a zero trust model.

The video first walks through setting up Entra Private Access and activating it on your tenant, then installing the App Proxy connector.
Next we create an enterprise application in Entra for RDP, SMB and HTTP, specifying the ports that need to be opened for that app and the IP address of the server in our private internal network that hosts those protocols. We then discuss Conditional Access policies targeting that enterprise app to secure it and apply security controls such as multifactor authentication, device compliance checks, Identity Protection and governance, group access, network access, etc. Finally we install the Global Secure Access client and give a demo of Microsoft Entra Private Access.

00:08 - Microsoft Entra SSE Private Access
03:10 - Global Secure Access Tenant Activation
03:38 - App Proxy Connector Download and Install
05:59 - Create an Enterprise Application
06:38 - Add Network Segment for RDP, HTTP and SMB
07:45 - Conditional Access Policy
11:33 - Enable Private Access Traffic Forward Profile
11:52 - Install Global Secure Access Client on Windows
13:00 - Global Secure Access signaling Conditional Access
14:07 - Microsoft Entra Private Access Demo to RDP, HTTP & SMB file shares
15:19 - Traffic logs
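The Conditional Access step above (07:45) can be scripted rather than clicked through. The following is an added example using the Microsoft Graph PowerShell SDK, not code from the video or from Microsoft; it assumes the Private Access enterprise application and its network segments were already created in the portal as the video shows, and that `$privateAccessAppId`, `$pilotGroupId` and `$breakGlassGroupId` are placeholder GUIDs you replace with values from your own tenant. The policy is created in report-only mode first so sign-in logs can be reviewed before it is enforced.

```powershell
# Added example: create the Conditional Access policy that targets the
# Private Access enterprise app and requires MFA plus a compliant device.
# Assumes the Microsoft.Graph modules are installed (Install-Module Microsoft.Graph).
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Placeholder identifiers (assumptions): copy the real values from Entra ID.
$privateAccessAppId = "00000000-0000-0000-0000-000000000000"  # appId of the Private Access enterprise app
$pilotGroupId       = "11111111-1111-1111-1111-111111111111"  # group of pilot users who get the policy
$breakGlassGroupId  = "22222222-2222-2222-2222-222222222222"  # emergency access accounts, always excluded

# Sanity check: the service principal for the app must exist before we target it,
# otherwise the policy silently applies to nothing.
$sp = Get-MgServicePrincipal -Filter "appId eq '$privateAccessAppId'"
if (-not $sp) {
    throw "No service principal found for appId $privateAccessAppId; create the Private Access app first."
}
Write-Host "Targeting enterprise app: $($sp.DisplayName) ($($sp.Id))"

$policy = @{
    displayName = "Private Access - require MFA and compliant device"
    # Report-only first: evaluated and logged, but not enforced. Change to "enabled"
    # after reviewing the sign-in logs for unexpected blocks.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($pilotGroupId)
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @($privateAccessAppId)
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # AND: the user must satisfy MFA and be on a compliant (Intune-managed) device.
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Because the Global Secure Access client signals the Private Access app to Conditional Access (13:00 in the video), this single policy covers RDP, SMB and HTTP to the segmented server at once; excluding the break-glass group is what prevents the "breakglass mode" lockout scenario if MFA or device compliance becomes unavailable.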

Cloud Inspired Video - Microsoft Entra Security Service Edge (SSE) Internet Access & Private Access Overview

Cloud Inspired Video - Azure AD Identity Protection & Conditional Access

#zerotrust
#microsoftentra
#azuread
Comments

Love the way you explained Zero trust.

rapiddl

Amazing demo!!! So really, this way I don't even need to provision Azure Bastion, as I can remote in to my hosts! TY Ed, really awesome!

mosksky

This is awesome. One thing I am confused on is how an FQDN works. What forces your DNS lookups to use one of your on-prem DNS servers?
I set this up so that I could access one of my SQL servers, and it works great if I have the IP address. If I try to use the FQDN it fails because the FQDN cannot be resolved. Thoughts on this one?

RobFahndrich

Private Access looks amazing. Still have some questions, hope you can answer:
- As it requires the same license (P1) and can also give users access to on-premises web-based applications, is there still a valid use case for using Application Proxy? I guess you'd still need App Proxy to give access to on-premises web-based resources from non-Azure-joined devices, or devices without the GSA client?
- Does this also work from Azure-joined devices that use WHfB, so passwordless login, giving SSO to on-premises applications without the use of WHfB Cloud Kerberos Trust?

hapskie

Hi, thanks for the tutorial 👌

Everything is OK except the Global Secure Access client; I have several warnings such as "disabled by your organization" and "breakglass mode disabled".

Could you help me? Thanks!

alexis

So does ALL traffic end up flowing through the proxy? Or is this for authentication only? Don't really understand how the network flow works. Also, you added two different endpoints to the same Enterprise App (RDP to DC). Is this the recommended way of doing it?

MrMarcLaflamme

Tested it in our environment and this is awesome!
Just one question: with Azure-joined computers, is there a way to stop RDP from asking for MFA? Is this related to a condition?

andersontapetti

We've had a lot of issues with authentication over the Private Access preview, specifically with file shares / SMB and Kerberos. Any advice on this?

mattcauthen

Hi, a very informative demo, but I am unable to reach an AD DS-configured Azure file share from Private Access, as users are unable to authenticate with the DC. Please suggest how we can resolve this? Thanks.

vish

Great demo. Thanks 👍
Some remarks:
1. MDM-managed devices, such as Intune-managed devices, could also be included, and not only domain-joined ones.
2. The MS Entra App Proxy connector requires Windows Server 2012 or later; can it be used on any VM, for example in AWS or GCP? It would be great to have, for example, a "ready to use connector" available in the marketplaces.

fatihtozlu

Fantastic explanation. I would just like to ask if I need some particular license for Microsoft Entra Private Access. I have Microsoft 365 E5. Thanks in advance.

giorgiomaiorano

Can the GSA client auto-connect, i.e. always on?

cyphernz

Hi, thanks for your video. Could you post about corporate users' VPN connections through MS Entra?

ajithm

Brilliant demo. Looks like this may replace my Zscaler Private Access setup. Any Azure licensing requirements? Will this work on domain-joined laptops and not Azure-joined? Also, support for Macs in the future? I think with this I can replace the legacy VPN to HQ, hopefully 👍🙏

regipradeeswaran

Setup concept:

We have Azure Entra-AD and 100 Microsoft 365 Business Premium licenses:
- in Azure IaaS, we have 2 Windows Server 2022 machines, Azure Entra-AD joined, running a file server, and an Azure NAT-GW for them to get internet and Windows Update.
- on-prem we also have 2 Windows Server 2022 machines, Azure Entra-AD joined, running a print server, and a hardware firewall for internet access, DHCP and DNS.
- on-prem we have 80 Windows 10 Pro desktops that are Azure Entra-AD joined.

Note: we don't have Active Directory on-prem, nor Azure Entra Active Directory Domain Services in Azure.

Can we use Microsoft Entra Private Access to allow the 80 clients to access the 2 file servers in Azure IaaS without a VPN?

fbifido