I'm currently using Azure ARC at my company to take advantage of cheaper Extended Security Updates (ESUs) for Windows servers. The ARC agent needs to connect to various Microsoft URLs through a proxy and firewall, and we have to whitelist these URLs, which includes logins and management services. Unfortunately, the process of getting these URLs approved is quite slow and requires justification every six months. I'm wondering if using Entra ID Global Secure Access could simplify this process, especially if combined with our ExpressRoute. The aim is to route traffic over private networks and reduce the need for constant URL whitelisting. I'd love to hear any ideas or thoughts on this.
2 Answers
Global Secure Access is primarily designed for end-user devices, so I’m not sure it would help with your Windows servers. If you set up the VPN agents and establish a connection, it might work, but there’s not much documentation confirming that. You might want to check with Microsoft support for more specifics.
In your situation, using Application Gateway and Private DNS Zones might be a workaround. This would let you manage the outbound connections through the Application Gateway, but it does require ongoing management of those outbound settings to ensure everything stays functional.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures