This brother needs to be protected at all costs. Thank you sir, you have no idea how valuable you are. I am Back Office engineer in a company in South Africa and your videos are so helpful.
Great Info Jonathan. I see this GSA is no longer in 'Preview' and I would love to see a part 2 update. also a dedicated intro to the VPN setup and config.
I trust Microsoft as much as I can trust their open source operating system. Especially after Bill Gates stated that he thinks the government should have access to everyone's data.
It’s a completely free world. I’m a content creator. I don’t have any affiliation with Microsoft. If people don’t want to use their products, they don’t have to.
It is an interesting concept of doing central policy management of the Windows firewall and/or hosts file via web interface. Perhaps, as you mentioned, welcome for smaller businesses, because we on the large enterprise already do this (using different tools) since before pandemic days. The main drawback I see is the reliance on one single source for everything: if Microsoft makes one accidental change, your entire business is locked out. That is why having different vendors for certain solutions - including on-premises - still helps keeping your business running. Good recap of the tool, though. Kudos!
User roles and permissions already support Just-In-Time (JIT) access. I wish web content filtering also included JIT access control, allowing us to specify a duration or time frame for blocking certain content. For instance, I’d like to block access to social media specifically during office hours.
You mentioned your test VM was in InTune for the tenant. Is InTune enrollment required to run Global Secure Access on an endpoint device? Also, how long do you have to wait to see the "All Compliant Network Locations" show up in the locations list when you go to create the new Block policy? thx.
All goes well until 10:10 in your video, where you are supposed to select "All Compliant Network Locations", but that option hasn't appeared (did everything else up to this part of the video 24 hours ago), and still that option doesn't show up to be able to exclude it
Thank you so much for this video, it is very helpful and easy to understand. I have one quick question. In case the company want to block users from accessing social media, if the users want to bypass the block, can they just disconnect from the GSA client to access? Thank you in advance!
My issue with any video like this is I'm left with no understanding of why this does what it does. Ok, user tries to go to a blocked site... Is the magic done with DNS? Or does DNS resolve ok but routing tables prevent the connection? Or is there something else going on? If the user is using a non-Edge browser, does it still work? What path do the packets take? What source IP address does the website see?
Hi Peter, the aim of my videos is to educate the owners of businesses who aren’t technical but need to understand concepts. I am sure there are other videos on YT that go into the technical elements that you want
This is awesome, thanks Jonathon! Any chance you could do a video on Entra Private Access and the way it works with allowing you to access on-prem resources such as file shares and private apps through the global secure access client?
Great info Jonathan!!! Just wondering whether this is a good solution, or should we focus on the Web Content Filtering delivered by Defender for Endpoint (using smart screen and network protection)? What's your input regarding this? I practically see this as a better solution when it comes to exclusions, because with the WCF from defender one device can be in one group only.
MacOS client is currently not available to new customers of the service. Also the global client download failed to install on a Windows 11 Pro running in a virtual machine on a Mac (using Parallels). I guess I'm going to have to wait for the MacOS client to install it? It did install ok on a dedicated Intel W11 machine.
Excellent video. When blocking internet using web category like social media, can you be more granular. Example: block tweeter but allow Facebook? Is there a place to configure block page message.
How can we allow users to access network resources e.g shared drives. Also can they still use mittel soft phone while working from home.can they access AX which is onsite and not in the cloud?
@@bearded365guy It would be great to see a video on Private access. I watched the video expecting to see how a VPN works with Conditional access. I presume you have to have some bit software client on your servers, which communicates with Entra ID'S Conditional Access rules. IF this works reliably, I can see that could be a great replacement to awkward to configure and bothersome VPNs
@bearded365guy So question on this. Scenario: Since we have an onsite VPN while utilizing a hybrid environment, all the resources the employee's need to access is on-prem Domain, our VPN connects them to said on-prem domain so they can reach the sources needed. Question: Can this SSE also be utilized the same way? Or is this strictly an "encryption" method of their traffic vs. encrypted traffic between endpoints(from their laptop to our on-prem domain).
Hello Jonathan, thank you for this video. Can you please explain why you selected the BLOCK option at 10:16 in the video ? Also, is there an option to make all activity and traffic on your laptop use Microsoft Global Secure Access therefore keeping everything secure.
Very good video, congratulations. One question, regarding the web content filtering you showed. If the user disables the global client, would they be able to reach previously blocked websites?
@bearded365guy - do you know if Microsoft plan to allow customisable block pages for the web filtering? You would expect that to be the norm for an enterprise scenario to advise users that the site is actually blocked rather than inaccessible (and looking like a generic issue) otherwise it could result in a lot of service desk tickets especially if the policies are introduced without prior notification, as is my experience with many organisations that I’ve dealt with.
Thanks for demo , I followed your steps but I don't have the option in conditional access--->Conditions--->Locations---> Include , I don't have the option Any Locations , I have the others :All trusted IPs ,trusted Locations , All Compliant Network & selected locations, but no Any Location , did I miss a step?
ty for quick reply , when creating the policy CA09 , You selected the user , then went to Conditions , I don't have "Any Location" as an option in Locations section , I only have All trusted IPs ,All trusted locations , All Compliant Network locations (preview) & Selected Locations , you have when you select Include Any Location , Im missing that option @@bearded365guy
Cracking video and a great insight. A bit put off by the generic blocked access error rather than a defined “Your company has restricted access to…” response. Is this available?
I was playing at home and needed one more thing to be mentioned to win the game... My last word on my bingo sheet was 'zero trust'. Given then SSE is all about zero trust, I was disappointed that wasn't uttered even once... Joking aside, our organisation was trying to implement Cloudfare's ZTNA solution. Give Microsoft a few more years and I reckon it'll kill it. The Conditional Access is a killer feature that will make it a compelling sell if you are already heavily embedded in the Microsoft ecosystem.
Microsoft can't even fix its spam management technology - and we're supposed to believe their cybersecurity apps or services are top-notch. Ya. Good one.
During my testing even a standard user can pause the client. Surely that will change when the service reaches General Availability? It defeats the purpose of the client entirely if a standard user can pause it. Can anyone else confirm the same results?
hi Jonathan, great vid, thanks. 16mins 55sec in you say it takes some time for the web content filter to apply. how long are we talking? minutes or hours?
Thanks, Jonathan! Did I miss it or can you not have custom messages displayed to the policy subjects? To simply block the access to certain categories/ sites sans note that it violates the company policy will IMHO create more confusion and incidents/ SR’s.
Facebook does it. Apple does it. Amazon does it. TikTok does it. Google does it. Oracle does it. The Authorities pushing data privacy rules while getting more invasive. Todays' age DATA.
I was playing around with this a month or so ago, and have picked it up again now that Microsoft have released pricing. In my lab, I've got this setup for my test account, but something is flaky. The client says "disabled by your organization" for what feels like a long time. If I reboot, I can't immediately access my M365 services, but if I leave it for a while (maybe 30 min) and come back, it gets connected and works. Any idea on this? Your video seems to show it spring into life immediately.
This looks cool and I see a lot of benefits, esp if MS includes it with existing Bus Prem. But wow, that' a lot of scattered places to go to setup, manage, and review. And I bet there's no consolidated way to report what's in place for the tenant. Seems like it could easily make for a bit of nightmare to manage.
This is great Jonathan. so in defender for endpoint it does not prevent the user to bypass anything, it filters all internet using smart screen based on the policy. but with the global secure access i see that the users can always disconnect the global secure access and contine to access those sites. is that right?
Hope you’re right. Like 6 months ago someone from the Entra team told us that when this product comes out of preview it would require an additional license.
Yes you can. You have to create at least one (MS prefer two) server on prem and that will connect to this. I have tested this to use RDP right away from my laptop to an on prem server
I like you video. I have created a CA policy, but I don't show any "Linked Conditional Access polices" in the "Microsoft 365 access profile". Is my CA policy suppose to be showing there?
Okay so it appears things are working like you demonstrated, but the Application Outlook still works\opens when I pause the GAClient. Any thoughts on why it would not be blocked?
I am a tier 2 Dynamic 365 technical engineer. its nice to refresh on the other side of the coin . I would assume if you are helping other companies you are a Partner?
Not a new technology, just new to Microsoft. This has been done by Zscaler, Palo Alto, Cisco, and VMware for several years now. Cloudflare also does it now. Secure Access Service Edge (SASE) has existed as a VPN replacement for almost 10 years now. This is far from new to the industry.
Hi Jonathan great video, i am a little confused about the title of this video. I don't see you demonstrating the VPN feature here. Will you domonstrate this in a future video? I think it vwould be great secure method of ditching traditional and sometimes very troublesome VPN's via Conditnal Acess rules
Hi Jonathan Edwards, Thank you for uploading this video! I implemented your solution at the school where I work to provide safe internet access in our computer lab, and it's working well. However, I noticed that users can easily pause the service by clicking the icon in the taskbar. Could you please advise on how to prevent this?
When I tried implementing this as per the given steps I faced an error in Global Secure Access Client "". When I dig into this error found that the device in which Global Secure Access client required the device to be Microsoft Entra Joined device. Wondering if there is any way around as my users have BYOD and I cannot get their device to Entra Joined.
Great explainer. I started setting it up after seeing the video - indeed nothing like a VPN, the sergation of different apps and conditional access make this an absolute game changer. However I'm running into tunneling issues, RDP works absolutely great - no issues so the next step was a simple SQL server, two standard SQL ports ; can reach it just fine, studio as well but the moment I plug a real app on it (Accounting app) it can connect there is back and forth communication the only thing we seem to not be getting back are TDS packages - which contain of course the payload, making it effectively not working. I've been looking online as some youtube videos show a client with UDP support (and TDS?) and private DNS.. but official resources I'm unable to find - roadmap, changelog, client status etc. You've got more info? would love to run this instead of a VPN but due to the TDS issue I cannot.
Why do I get the feeling that this will be a service that the EU goes after due to it being included with O365, just like Teams was. For any Microsoft focussed business that is managing mainly business assets this seems a far easier solution than the standalone offerings that are out there.
Really like the demo, especially the setup, but it kinda misses the point and intended purpose of SSE. SSE is architecturally supposed to create a secure corporate LAN atop an insure/in-securable WAN i.e. the Internet, and thereby returns to the 'secure office infrastructure' of old, but this time communicating together over 'any old network'. Accessing a secure payroll server from a coffee shop would have better demonstrated its purpose. Also, perhaps a follow-video? Microsoft has always heralded its ZTNA as 'secure access to your M365 from anywhere'. Aside from web filtering and broad statements like 'well, it's more secure', what additional value does GSA bring to small businesses?
obviously. But why would you encourage your subscribers to volunteer to be part of a scheme which would encrypt the data on your computer so Microsoft can be the only company who is able to sell your data to the data brokers ? Why not encourage people to use an OS with no telemetry ? why not promote the idea of self hosted VPNs ? You are part of the problem @@bearded365guy
@@bearded365guy correct, however for the Private or local access it would be great if there was a way to secure the local target so that it only allows access if you have the client. You could then do MFA for internal needs.
This brother needs to be protected at all costs. Thank you sir, you have no idea how valuable you are. I am Back Office engineer in a company in South Africa and your videos are so helpful.
Dude - I'm so glad to have found your channel. No filler, just great explainers and demonstrations. Cheers!
Thanks Jonathan. This is cool. Exactly what we have all been needing. Great explanation.
Thanks Adam, I think this technology will be a great hit
You need a centralized government to control your data? This is what "we all" need. No no no. Definitely not from Microsoft's leaky bits.
Oh yeah, GENIUS idea. Just give uncle ms ALL your traffic and trust them to secure you and keep your privacy..
Great
And MS will manage your keys I presume. How convenient. For the government.
Western government will not allow any IT system that doesn't send everything to them.
AWS Does the same thing lol
If you're using Windows, you're already doing that. If you don't trust them, use someone else's OS.
@@jakejake7289
explain how am I already doing this.
Great Info Jonathan. I see this GSA is no longer in 'Preview' and I would love to see a part 2 update.
also a dedicated intro to the VPN setup and config.
Thank you for the clear and simplified breakdown of GSA. You earned a subscriber.
A customizabe Block page is NEEDED! The "Hmm,.... cant reach this page" will do nothing but increase support calls that the internet is not working.
Agree completely. I’m sure it will come
They will still call.
I trust Microsoft as much as I can trust their open source operating system. Especially after Bill Gates stated that he thinks the government should have access to everyone's data.
You could use another product if you don’t like Microsoft…
@@bearded365guyit's more like do you not see the problem given the responses you have given out to nearly all the comments you commented on?
It’s a completely free world. I’m a content creator. I don’t have any affiliation with Microsoft. If people don’t want to use their products, they don’t have to.
It is an interesting concept of doing central policy management of the Windows firewall and/or hosts file via web interface. Perhaps, as you mentioned, welcome for smaller businesses, because we on the large enterprise already do this (using different tools) since before pandemic days. The main drawback I see is the reliance on one single source for everything: if Microsoft makes one accidental change, your entire business is locked out. That is why having different vendors for certain solutions - including on-premises - still helps keeping your business running.
Good recap of the tool, though. Kudos!
Thanks for your comment, well balanced
User roles and permissions already support Just-In-Time (JIT) access. I wish web content filtering also included JIT access control, allowing us to specify a duration or time frame for blocking certain content. For instance, I’d like to block access to social media specifically during office hours.
You mentioned your test VM was in InTune for the tenant. Is InTune enrollment required to run Global Secure Access on an endpoint device? Also, how long do you have to wait to see the "All Compliant Network Locations" show up in the locations list when you go to create the new Block policy? thx.
No it's not required. But you will need that global secure access software and a logged in user.
All goes well until 10:10 in your video, where you are supposed to select "All Compliant Network Locations", but that option hasn't appeared (did everything else up to this part of the video 24 hours ago), and still that option doesn't show up to be able to exclude it
Go back to earlier in the video where we turn the setting on to allow remote access, is that still turned on?
I had turned it on, but it had turned itself off again. Turning it back on again resolved the issue, thank you @@bearded365guy
Thank you so much for this video, it is very helpful and easy to understand. I have one quick question. In case the company want to block users from accessing social media, if the users want to bypass the block, can they just disconnect from the GSA client to access? Thank you in advance!
My issue with any video like this is I'm left with no understanding of why this does what it does.
Ok, user tries to go to a blocked site... Is the magic done with DNS? Or does DNS resolve ok but routing tables prevent the connection? Or is there something else going on? If the user is using a non-Edge browser, does it still work? What path do the packets take? What source IP address does the website see?
Hi Peter, the aim of my videos is to educate the owners of businesses who aren’t technical but need to understand concepts. I am sure there are other videos on YT that go into the technical elements that you want
Great information Brother and great video thanks so much!
Can this be deployed for Windows 365 CPCs and become Zscaler alternative?
Yes it can!
Great video! I'm just starting to implement this. Very helpful.
This is awesome, thanks Jonathon! Any chance you could do a video on Entra Private Access and the way it works with allowing you to access on-prem resources such as file shares and private apps through the global secure access client?
Yes, I will.
@@bearded365guy it would be great if you could give us an introduction to Entra Private Access :)
Great info Jonathan!!! Just wondering whether this is a good solution, or should we focus on the Web Content Filtering delivered by Defender for Endpoint (using smart screen and network protection)? What's your input regarding this? I practically see this as a better solution when it comes to exclusions, because with the WCF from defender one device can be in one group only.
@@lachezarpopov6254 Both if possible….. think about security like an onion 🧅
Great video. Love the content you produce.
Great video, thanks for that. how about accessing on-prem applications out of office? We currently manage that with VPN.
MacOS client is currently not available to new customers of the service. Also the global client download failed to install on a Windows 11 Pro running in a virtual machine on a Mac (using Parallels). I guess I'm going to have to wait for the MacOS client to install it? It did install ok on a dedicated Intel W11 machine.
Excellent video. When blocking internet using web category like social media, can you be more granular. Example: block tweeter but allow Facebook? Is there a place to configure block page message.
How can we allow users to access network resources e.g shared drives. Also can they still use mittel soft phone while working from home.can they access AX which is onsite and not in the cloud?
If you still have servers, you can configure for private access. I didn’t show in the video.
Yes, you can access all of your apps still
@@bearded365guy It would be great to see a video on Private access. I watched the video expecting to see how a VPN works with Conditional access. I presume you have to have some bit software client on your servers, which communicates with Entra ID'S Conditional Access rules. IF this works reliably, I can see that could be a great replacement to awkward to configure and bothersome VPNs
@bearded365guy
So question on this. Scenario: Since we have an onsite VPN while utilizing a hybrid environment, all the resources the employee's need to access is on-prem Domain, our VPN connects them to said on-prem domain so they can reach the sources needed.
Question: Can this SSE also be utilized the same way? Or is this strictly an "encryption" method of their traffic vs. encrypted traffic between endpoints(from their laptop to our on-prem domain).
Yes, there is a private access part of this product for your scenario- I just didn’t talk about it in the video!
Thanks Johnathan! Looking forward to new demos like this!
Hello Jonathan, thank you for this video. Can you please explain why you selected the BLOCK option at 10:16 in the video ? Also, is there an option to make all activity and traffic on your laptop use Microsoft Global Secure Access therefore keeping everything secure.
Excellent video. Assume we will have the ability to push the client via Inutne?
Yes!
Very good video, congratulations. One question, regarding the web content filtering you showed. If the user disables the global client, would they be able to reach previously blocked websites?
Not with the conditional access policy
@@bearded365guy Thank you, but sorry, maybe it's not completely clear to me. With conditional policies you only block traffic to certain apps?
Great video as always!
Nice video. I really like how you focus on business premium. There is very little smb Microsoft content yt.
@bearded365guy - do you know if Microsoft plan to allow customisable block pages for the web filtering? You would expect that to be the norm for an enterprise scenario to advise users that the site is actually blocked rather than inaccessible (and looking like a generic issue) otherwise it could result in a lot of service desk tickets especially if the policies are introduced without prior notification, as is my experience with many organisations that I’ve dealt with.
I hope that feature will come. The product is still in public preview. Give it a bit more time.
Thanks for demo , I followed your steps but I don't have the option in conditional access--->Conditions--->Locations---> Include , I don't
have the option Any Locations , I have the others :All trusted IPs ,trusted Locations , All Compliant Network & selected locations, but no Any Location , did I miss a step?
Go back to earlier in the video when I switched the toggle on for the conditional access part. Is it switched on or off?
ty for quick reply , when creating the policy CA09 , You selected the user , then went to Conditions , I don't have "Any Location" as an option in Locations section , I only have All trusted IPs ,All trusted locations , All Compliant Network locations (preview) & Selected Locations , you have when you select Include Any Location , Im missing that option @@bearded365guy
Thank you and great video, can I skip installing the GlobalSecureAccessClient and still get conditional access and web filtering to work?
No, you need the client
This reminds me of Computer Basics (Unit 3: The Internet and More, Pages 213 & 214).
Cracking video and a great insight. A bit put off by the generic blocked access error rather than a defined “Your company has restricted access to…” response. Is this available?
Not yet. It should be coming….
so how does this secure the traffic from my laptop to the server/internet/cloud ? does the client use a tunnel for all outgoing traffic?
@6:57 - the middle option shouldn't that be for VPN?
I was playing at home and needed one more thing to be mentioned to win the game... My last word on my bingo sheet was 'zero trust'. Given then SSE is all about zero trust, I was disappointed that wasn't uttered even once... Joking aside, our organisation was trying to implement Cloudfare's ZTNA solution. Give Microsoft a few more years and I reckon it'll kill it. The Conditional Access is a killer feature that will make it a compelling sell if you are already heavily embedded in the Microsoft ecosystem.
Agreed. Did I not mention zero trust? 🤣
Microsoft can't even fix its spam management technology - and we're supposed to believe their cybersecurity apps or services are top-notch. Ya. Good one.
Ouch
you're not wrong about spam tech.
We enjoy blocking domains as free stats.
What you use for spam management?
I am not a techie but would this protection apply when accessing other business apps (non-MS 365) that are on the cloud?
Yes
Can't I just pause the client like you did to simply access social media again?
I was thinking the same thing.
He’s an administrator. Clients won’t have control over the service.
During my testing even a standard user can pause the client. Surely that will change when the service reaches General Availability? It defeats the purpose of the client entirely if a standard user can pause it. Can anyone else confirm the same results?
hi Jonathan, great vid, thanks. 16mins 55sec in you say it takes some time for the web content filter to apply. how long are we talking? minutes or hours?
More hours than days!
Thanks, Jonathan! Did I miss it or can you not have custom messages displayed to the policy subjects? To simply block the access to certain categories/ sites sans note that it violates the company policy will IMHO create more confusion and incidents/ SR’s.
For small businesses M365 based this is a nice addition for control monitoring and mobile devices use.
Yes, I think so too.
given Windows and Microsoft's rampant data collection, who in their right mind would use this?
All of our clients.
Facebook does it.
Apple does it.
Amazon does it.
TikTok does it.
Google does it.
Oracle does it.
The Authorities pushing data privacy rules while getting more invasive.
Todays' age DATA.
Another great video Jonathan, many thanks. One question: is it dependant on devices being controlled via Intune?
Good question
Devices must be either Microsoft Entra joined or Microsoft Entra hybrid joined.
Microsoft Entra registered devices aren't supported.
thanks for the easy to digest video 👍
I was playing around with this a month or so ago, and have picked it up again now that Microsoft have released pricing. In my lab, I've got this setup for my test account, but something is flaky. The client says "disabled by your organization" for what feels like a long time. If I reboot, I can't immediately access my M365 services, but if I leave it for a while (maybe 30 min) and come back, it gets connected and works. Any idea on this? Your video seems to show it spring into life immediately.
I discovered our VPN was interfering with the Global Secure Access client, in case anybody else has this problem.
This looks cool and I see a lot of benefits, esp if MS includes it with existing Bus Prem. But wow, that' a lot of scattered places to go to setup, manage, and review. And I bet there's no consolidated way to report what's in place for the tenant. Seems like it could easily make for a bit of nightmare to manage.
What an amazing feature. I have a client who will make good use of this resource.
This is great Jonathan. so in defender for endpoint it does not prevent the user to bypass anything, it filters all internet using smart screen based on the policy. but with the global secure access i see that the users can always disconnect the global secure access and contine to access those sites. is that right?
Hope you’re right. Like 6 months ago someone from the Entra team told us that when this product comes out of preview it would
require an additional license.
It might. I don’t know.
Is it possible to block uploads to specific sites, e.g. Dropbox, Gmail, etc? We might want to allow staff to download, but not upload (DLP).
And wy exactly should i trust MS, is have a UDM PRO router and use wireguard to access my home in control myself , never use 3rd party vpn,
For the blocked websites is it possible to have a custom message that is displayed to the user when they are blocked?
I don’t think so at this stage. I’m sure it will come though
The requirements for the client states "Microsoft Entra joined" - can it also be hybrid domain joined?
Devices must be either Microsoft Entra joined or Microsoft Entra hybrid joined.
Microsoft Entra registered devices aren't supported.
Great video. Thank you.
Can i use it to access on prem resources?
Yes you can. You have to create at least one (MS prefer two) server on prem and that will connect to this. I have tested this to use RDP right away from my laptop to an on prem server
Great video, your content is super helpful. Thanks 👍
I like you video. I have created a CA policy, but I don't show any "Linked Conditional Access polices" in the "Microsoft 365 access profile". Is my CA policy suppose to be showing there?
Okay so it appears things are working like you demonstrated, but the Application Outlook still works\opens when I pause the GAClient. Any thoughts on why it would not be blocked?
The license costs are available now. You need to license both products, internet access and private access.
Jonathan Your the Best you made my day 🙏🙏👏👏😃😃CHEERS Mate .. 🍻🍻🍻🍻🍻🍻
I am a tier 2 Dynamic 365 technical engineer. its nice to refresh on the other side of the coin . I would assume if you are helping other companies you are a Partner?
A Microsoft Partner? Yes we are
Great video but where are you guys getting these 365 tenants from for demo purposes.
Spun up a tenant and bought some licenses
I asked my employer for a MSDN subscription. You get some bucks to spin up VM's and you get E5 licenses to test.
Hi Jonathan, you wouldn't believe how much your videos have been helping me. I'm curious, do you think this will limited use of SD-WAN?
Not a new technology, just new to Microsoft. This has been done by Zscaler, Palo Alto, Cisco, and VMware for several years now. Cloudflare also does it now.
Secure Access Service Edge (SASE) has existed as a VPN replacement for almost 10 years now.
This is far from new to the industry.
I don’t disagree. This is SSE not SASE though.
Not new to Microsoft either. They had this technology in windows server over a decade ago. This is just a cloud version.
Hi Jonathan great video, i am a little confused about the title of this video. I don't see you demonstrating the VPN feature here. Will you domonstrate this in a future video? I think it vwould be great secure method of ditching traditional and sometimes very troublesome VPN's via Conditnal Acess rules
SSE isn’t a VPN. It’s much more than that. The title was aimed at the fact that SSE would replace the need for any VPN
Hi Jonathan Edwards,
Thank you for uploading this video! I implemented your solution at the school where I work to provide safe internet access in our computer lab, and it's working well. However, I noticed that users can easily pause the service by clicking the icon in the taskbar. Could you please advise on how to prevent this?
Great video - what prevents an unknown user (hacker) from installing the client themselves if they have the correct credentials?
Wouldn't this block IOS users from getting to their email via a app on their iPhone like Outlook or Apple mail?
Question how does this affects a company that is using a sonic wall to filter traffic in and out from the local network to the internet.
whats to stop them closing the or pausing the application and accessing the internet?
Hi Johnathan, any idea how this will effect Teams Rooms?
Great video! We already know it requires additional licensing :(
Any eta on when it will hit ga?
Don’t know yet
Hey quick Question , can i have other traffic like Domain Controller Line of Sight ?
Thanks! Is it possible to block specific websites in just a specific time?
Very intresting one.
I did the same exercise but I am still able to connect to sharepoint with client paused.
I found the problem, after a week of banging head... it is a license issue... now you need Entra Suite license
When I tried implementing this as per the given steps I faced an error in Global Secure Access Client "". When I dig into this error found that the device in which Global Secure Access client required the device to be Microsoft Entra Joined device. Wondering if there is any way around as my users have BYOD and I cannot get their device to Entra Joined.
Your explanation is great, can I become your digital/social media manager?
What about byod laptops and desktops?
This is a cheat code ❤🔥🧨💯
Great explainer. I started setting it up after seeing the video - indeed nothing like a VPN, the sergation of different apps and conditional access make this an absolute game changer. However I'm running into tunneling issues, RDP works absolutely great - no issues so the next step was a simple SQL server, two standard SQL ports ; can reach it just fine, studio as well but the moment I plug a real app on it (Accounting app) it can connect there is back and forth communication the only thing we seem to not be getting back are TDS packages - which contain of course the payload, making it effectively not working. I've been looking online as some youtube videos show a client with UDP support (and TDS?) and private DNS.. but official resources I'm unable to find - roadmap, changelog, client status etc.
You've got more info? would love to run this instead of a VPN but due to the TDS issue I cannot.
Can I use is it to deploy images using autopilot with OOB?
"All Compliant Network Locations" not showing when I try to configure The Condition. Any Idea why?
Thanks for your all videos, they're amazing!!!
Does it help and work in the hybrid autopilot provisioning
If I have a program on my local server, would this allow me to access the program without a VPN?
Hi Jonathan
Thanks for another great video.
I wonder if this have multi geo functionality?
Why do I get the feeling that this will be a service that the EU goes after due to it being included with O365, just like Teams was. For any Microsoft focussed business that is managing mainly business assets this seems a far easier solution than the standalone offerings that are out there.
@@rogerthomas7040 Yes…..👍
Tailscale beats this on every aspect.
I’ve not used that.
Oh yeh, this is Tailscale's territory all day long
Really like the demo, especially the setup, but it kinda misses the point and intended purpose of SSE. SSE is architecturally supposed to create a secure corporate LAN atop an insure/in-securable WAN i.e. the Internet, and thereby returns to the 'secure office infrastructure' of old, but this time communicating together over 'any old network'. Accessing a secure payroll server from a coffee shop would have better demonstrated its purpose. Also, perhaps a follow-video? Microsoft has always heralded its ZTNA as 'secure access to your M365 from anywhere'. Aside from web filtering and broad statements like 'well, it's more secure', what additional value does GSA bring to small businesses?
They are offering it for free now, I've just "x"ed it off my screen, I don't want anything more to do with Microsoft more than I have to !
@@lifealliancegroup It now has pricing….
Would love to see an open source version of this running on my server at home. 😝
Thanks Jonathan!! Would it also be possible that the user can't Pause the SSE? Because if you pause it they can still go to facebook right?
Also wondering this! Great video though 👍
Interesting - but it would have been nice to mention at the beginning that this is not for 365 Business Standard users...
Pricing has just been released! At the time of filming, it was unknown .
@@bearded365guy Thank you!
So the best idea you have is for people to run all their network traffic through Microsoft .
I don’t think you’ve thought about this very long
Microsoft, the billion dollar company thought about it more than me….
obviously. But why would you encourage your subscribers to volunteer to be part of a scheme which would encrypt the data on your computer so Microsoft can be the only company who is able to sell your data to the data brokers ?
Why not encourage people to use an OS with no telemetry ? why not promote the idea of self hosted VPNs ?
You are part of the problem
@@bearded365guy
It's free? thanks!!
your definition of any is limited to 365?
I really like this idea, but it only restricts if you have the client installed.
It only allows clients access via the client…. So if you don’t have the client, no access
@@bearded365guy correct, however for the Private or local access it would be great if there was a way to secure the local target so that it only allows access if you have the client. You could then do MFA for internal needs.