-
Secure Device Registration in Microsoft Entra and Microsoft Intune
By default, users can register devices in Microsoft Entra ID. Each device is represented as an object in Microsoft Entra ID and can be used for authentication and access. Once a user account is compromised, attackers can register their own devices and establish persistent access. Device registration is a security-critical process and must be secured. It is essential to define who is allowed to register devices, under which conditions registration is permitted, and which device types are accepted. Microsoft Entra ID and Microsoft Intune provide multiple control mechanisms that can be combined to enforce these requirements. Only when device registration is properly controlled can device compliance and Microsoft Entra Conditional…
-
Microsoft Entra Global Secure Access Troubleshooting Guide
Microsoft Entra Global Secure Access (GSA) enables secure access to Microsoft 365 services, internet resources, and private applications through a unified endpoint client combined with centrally managed configuration. Issues in Microsoft Entra Global Secure Access can originate at multiple layers, including the client, traffic forwarding profile processing, name resolution, proxy configurations, or the interaction with authentication and Microsoft Entra Conditional Access. Effective Microsoft Entra Global Secure Access Troubleshooting therefore requires a structured approach to root cause analysis. This article outlines relevant troubleshooting steps on the client side and within the Microsoft Entra admin center, and explains how to systematically identify and resolve issues. Insights gained from real world deployments are…
-
Microsoft Entra Backup and Recovery: Prerequisites, Backup, and Restore in Detail
Microsoft Entra Backup and Recovery is a new backup and recovery capability for directory objects that is natively integrated into Microsoft Entra. Supported objects are automatically backed up once per day and retained for five days (backup history). Microsoft Entra Backup and Recovery is currently in preview and helps restore identity objects, policies, and application objects to a previously known state after unintended or unwanted changes.
-
Microsoft Entra Private Access: Secure Access for External Users to Internal Resources
Connecting external users to internal resources has traditionally been implemented using VPN. While this approach provides network connectivity, it does not consistently align with Zero Trust principles. With the external user access capability in Microsoft Entra Global Secure Access, external identities can now be integrated into existing Microsoft Entra Private Access configurations. Microsoft Entra Private Access External Users authenticate with their own identity and device and intentionally switch to the resource tenant within the Global Secure Access Client. During this tenant switch, a Private Access tunnel is established that restricts connectivity exclusively to explicitly published internal applications.
-
Microsoft Entra Private Access BYOD: Access Internal Resources with Entra Registered Devices
Until now, access to internal resources through Microsoft Entra Private Access was limited to managed devices that were either Microsoft Entra joined or Microsoft Entra hybrid joined. With the introduction of Microsoft Entra Private Access BYOD support, this limitation has been removed. Microsoft Entra registered devices can now access internal resources through Microsoft Entra Private Access, extending secure access to scenarios beyond fully managed devices.