Effective July 1, 2024, Microsoft Entra Suite, Entra Private Access, Entra Internet Access and Secure Access Essentials are available as standalone products in the Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), and Microsoft Cloud Agreement (MCA) with SCHNEIDER IT MANAGEMENT as your Cloud Solution Provider (CSP). These new products provide enhanced security and access capabilities.
Why these new products?
The way people work has evolved significantly. Rather than being confined to traditional offices, individuals now work from various locations. Applications and data have shifted to the cloud, necessitating a modern network security approach. This new category of network security is known as Security Service Edge (SSE). For SSE, Microsoft now introduced several new products, that address the security and access needs regarding the requirement to work from different places.
Microsoft Entra Internet Access and Microsoft Entra Private Access form the core of Microsoft’s SSE solution. Global Secure Access serves as the unifying term for both Entra Internet Access and Entra Private Access. It is the unified location within the Microsoft Entra admin center. Entra Internet Access and Entra Private Access, along with Microsoft Defender for Cloud Apps (a SaaS-security focused Cloud Access Security Broker), provide a unique solution that combines network, identity, and endpoint access controls.
Product Overview
The following standalone products are now available:
Microsoft Entra Suite: Comprehensive Security Suite
Microsoft Entra Suite is a comprehensive security suite that combines multiple features to safeguard your organization’s data and systems, especially when accessed from various places. Entra Suite is designed to be one comprehensive Security Service Edge (SSE) solution.
Licensed per user per month, it can be assigned to any user already licensed with Entra ID Plan 1 or any plan that includes it, such as Microsoft 365 E3. Additionally, the standalone product (add-on) is available for users with Entra ID Plan 2.
Microsoft Entra Private Access: Controlled Private Access
Microsoft Entra Private Access ensures secure access to your organization’s private, corporate resources for both office-based and remote users.
Capabilities:
- Extends access to private resources, ports, and protocols.
- Allows remote users to connect across hybrid, multicloud environments, private networks, and data centers without a VPN.
- Offers per-app adaptive access using Conditional Access policies, providing finer security control than traditional VPNs.
Key Features:
- Zero Trust Access: Enables secure connections to specific IP addresses or Fully Qualified Domain Names (FQDNs) without relying on legacy VPNs (known as Quick Access).
- Per-App Access: Supports Transmission Control Protocol (TCP) apps (User Datagram Protocol (UDP) support is in development).
- Modern Authentication: Integrates with Conditional Access for improved legacy app authentication.
- Seamless Deployment: Works alongside existing non-Microsoft Secure Socket Extension (SSE) solutions.
Microsoft Entra Internet Access: Secure Internet Access
Microsoft Entra Internet Access ensures secure access to Microsoft services, Software as a Service (SaaS) applications, and public internet apps. It safeguards users, devices, and data against internet threats.
- Secure Web Gateway (SWG): Entra Internet Access employs an identity-centric, device-aware, cloud-delivered SWG. This gateway provides secure access to public internet apps. Users can connect seamlessly to Microsoft 365 apps while benefiting from best-in-class security and visibility.
- Risk Assessment Precision: The service enhances risk assessments by analyzing user behavior, location, and device signals. This precision allows for more effective security measures.
- Conditional Access Enhancements: It prevents stolen tokens from being replayed through compliant network check-ins. It applies universal tenant restrictions to prevent data exfiltration to other tenants or personal accounts, including anonymous access.
- Logging and Monitoring: Enriched logs capture network and device signals, currently supported for SharePoint Online traffic. This visibility aids in threat detection and incident response.
- Deployment Flexibility: It can be deployed side-by-side with non-Microsoft Secure Socket Extension (SSE) solutions. It acquires network traffic from desktop clients or remote networks (e.g., branch locations).
- Web Content Filtering: This regulates access to websites based on content categories and domain names. It helps maintain productivity and security.
- Universal Conditional Access Policies: Even if not federated with Microsoft Entra ID, organizations can apply Conditional Access policies to all internet destinations. The integration with Conditional Access session controls ensures consistent security.
Secure Access Essentials: Essential Security Features
Secure Access Essentials is a licensing option that includes the use of the Microsoft traffic profile. That refers to the ability to route and manage network traffic through Microsoft’s infrastructure. It allows organizations to leverage Microsoft’s extensive network to optimize and secure access to both public and private resources. Your network traffic can be handled by Microsoft’s network, which spans over 140 regions and 190+ network edge locations, providing a secure and efficient way to connect users and devices to necessary resources. It is part of the broader Global Secure Access solution, which encompasses Microsoft Entra Internet Access and Microsoft Entra Private Access. These services are designed to secure access to both public and private resources, leveraging principles of Zero Trust to ensure least privilege, explicit verification, and breach assumption.
Licensing Programs
These products can be obtained under various licensing agreements:
- Enterprise Agreement (EA)
- Enterprise Subscription Agreement (EAS)
- Microsoft Cloud Agreement (MCA)
Licensing Prerequisites
To purchase these standalone licenses, one of the following licenses are required as prerequisites:
- Microsoft Entra ID P1
- Microsoft 365 E3/A3
- Microsoft 365 Enterprise Mobility & Security E3/A3
- Microsoft 365 Business Premium
Concerning Entra Suite, there are more license prerequisite options:
For Microsoft Entra Suite Add-on for Microsoft Entra ID P2:
- Microsoft Entra ID P2
- Microsoft 365 E5/A5
- Microsoft 365 E5 Security
- Microsoft 365 E5/A5 Enterprise Mobility & Security
For Microsoft Entra Suite Frontline Workers (FLW):
- Microsoft 365 F1/F3
For Microsoft Entra Suite Add-on for Microsoft Entra ID F2 for FLW:
- Microsoft Entra ID F2
- Microsoft 365 F5 Security
- Microsoft 365 F5 Security & Compliance
Any questions regarding the licensing?
Contact SCHNEIDER IT MANAGEMENT for a expert licensing consultancy regarding these new products. Learn what licenses are right for your organization’s needs and request a quote.
More information
For the announcement, please visit “July 1, 2024” on this site: https://www.microsoft.com/licensing/terms/product/changes/all.
Read more on Entra Suite: https://www.microsoft.com/en-us/security/blog/2024/07/11/simplified-zero-trust-security-with-the-microsoft-entra-suite-and-unified-security-operations-platform-now-generally-available/.
Find out more about Entra Private Access and Internet Access here: https://learn.microsoft.com/en-us/entra/global-secure-access/overview-what-is-global-secure-access.
For more on Microsoft licensing, visit our Microsoft vendor page at: https://www.schneider.im/software/microsoft/.
Please contact us for expert services on your specific Microsoft software and Online Services requirements and to request a quote today.