I'm managing several Azure resources like databases across different resource groups, and currently we're limiting access with IP ingress rules. This method becomes tedious over time. I'm looking for a more zero-trust solution that lets users log in via Entra and gain access without needing to tweak IP rules or set up VPNs with their gateways. Initially, I considered Cloudflare's ZTNA tunnels, but I remembered Microsoft now offers Global Secure Access (GSA). Is GSA suitable for this situation? I came across this specific connector that's still in preview; has anyone actually tried it out? Also, since we are a remote-first team, I want to avoid solutions that require being tied to a specific office location, like VPN hairpins.
2 Answers
GSA (Entra ID) Private Access is a solid choice for what you're looking for. It simplifies access without the hassle of constant IP management.
To effectively implement a zero-trust framework, you might want to look at additional Conditional Access policies. Make sure to use strong, phishing-resistant MFA, like smart cards or YubiKeys. Also, ensure that devices are company-managed through Intune, kept up to date, etc. I found an older, yet relevant, Reddit thread discussing best practices for Conditional Access; still worth a read! [Link](https://www.reddit.com/r/sysadmin/comments/1ikti9o/project_best_practices_m365_conditional_access/)
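As an added example (not part of the answer above, and not Microsoft's own sample), here is what the recommended Conditional Access policy looks like when created with the Microsoft Graph PowerShell SDK: it targets a Global Secure Access Private Access enterprise application and requires both phishing-resistant MFA and an Intune-compliant device. The three IDs at the top (`$privateAppId`, `$pilotGroupId`, `$breakGlassGroupId`) are placeholders you replace with values from your own tenant; the policy is created in report-only mode so you can check sign-in logs before enforcing it.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph module
# (Install-Module Microsoft.Graph) and a Conditional Access admin role.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Assumed placeholders: replace with IDs from your tenant.
$privateAppId      = "<application (client) ID of the GSA Private Access enterprise app>"
$pilotGroupId      = "<object ID of the pilot users group>"
$breakGlassGroupId = "<object ID of the emergency-access accounts group, always excluded>"

# Built-in authentication strength "Phishing-resistant MFA" (FIDO2 keys such as
# YubiKeys, Windows Hello for Business, certificate-based auth / smart cards).
# Confirm the ID in your tenant with Get-MgPolicyAuthenticationStrengthPolicy.
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

$policy = @{
    displayName = "GSA Private Access - phishing-resistant MFA + compliant device"
    # Report-only first; switch to "enabled" after reviewing the sign-in log impact.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($pilotGroupId)
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @($privateAppId)
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # AND: the user must satisfy every control, not just one of them.
        operator               = "AND"
        builtInControls        = @("compliantDevice")
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Check: read the policy back and confirm both grant controls are present.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$check.GrantControls.BuiltInControls            # expect: compliantDevice
$check.GrantControls.AuthenticationStrength.Id  # expect: the phishing-resistant strength ID
```

The policy only takes effect for traffic that actually flows through Private Access, so the Global Secure Access client has to be installed on the managed device and the target database or server published through a connector; a user hitting the resource from an unmanaged device or with password-plus-SMS MFA will be blocked once the policy is switched from report-only to enabled.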