Hey everyone, let's talk to AD resources without a VPN! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! ua-cam.com/video/v5b53-PgEmI/v-deo.html for a demo of using this feature. Thanks for watching! 🤙
As always such a great explanation John and definitely an eye opener regarding different options available for multiple configurations. The best part of this (as probably most will agree) is the fact that no direct ports are opened, and the integration with the conditional access element (which form my perspective I believe it is massive). To top this up complying with ZTNA makes this an awesome solution. I would even consider the option of utilising Entra Private access as part of a migration of laptops/desktops to Microsoft Entra (without hybrid joined) and if during that time there are certain pre-requisites that dictate the need for on-premises AD to be part of this, then it will still satisfy this option too. The options/possibilities are endless.
Thanks for the video, John! I'm guessing we'd have to create multiple GSA applications for DCs in different locations, since the connector group is bound to the application?
Thanks John this is a great video, but you didn’t say that this is currently only available if you have signed up to the Private Preview. The Public Preview doesn’t support UDP yet, so you don’t get the Private DNS under Quick Access
Great walk through John. Most the SSE/ZTNA vendors seem to follow this approach of using app connectors as it eliminates any inbound ports being opened which is always a plus 🙂some vendors also offer ICMP as well now.
I’ll be factoring this into finally removing the need for my last remaining subset of users on VPN. Thanks for these videos, it really does help me be more aware of what is out there.
Would have to test this out since connectivity comes up only after user logs in. after user logs on, if all app segments are working, then it should sync the domain policies, etc.
Hey everyone, let's talk to AD resources without a VPN! Please make sure to read the description for the chapters and key information about this video and others.
⚠ P L E A S E N O T E ⚠
🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there!
🕰 I don't discuss future content nor take requests for future content so please don't ask 😇
🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
👂 Translate the captions to your native language via the auto-translate feature in settings! ua-cam.com/video/v5b53-PgEmI/v-deo.html for a demo of using this feature.
Thanks for watching!
🤙
As always such a great explanation John and definitely an eye opener regarding different options available for multiple configurations.
The best part of this (as probably most will agree) is the fact that no direct ports are opened, and the integration with the conditional access element (which form my perspective I believe it is massive). To top this up complying with ZTNA makes this an awesome solution.
I would even consider the option of utilising Entra Private access as part of a migration of laptops/desktops to Microsoft Entra (without hybrid joined) and if during that time there are certain pre-requisites that dictate the need for on-premises AD to be part of this, then it will still satisfy this option too. The options/possibilities are endless.
Great explanation! Thank you!
Thanks for the video, John! I'm guessing we'd have to create multiple GSA applications for DCs in different locations, since the connector group is bound to the application?
Right, for the different IPs accessible use different apps via different connectors.
So many nice features... But im afraid it will be behind a 10$ per User/Month paywall after preview :(
If you look at costs of other commercial products for ZTNA, this is actually pretty cheap
Thanks John this is a great video, but you didn’t say that this is currently only available if you have signed up to the Private Preview. The Public Preview doesn’t support UDP yet, so you don’t get the Private DNS under Quick Access
In the Entra Private Access video I think I mentioned that.
Yea hopefully soon this will be in the public preview
Great walk through John. Most the SSE/ZTNA vendors seem to follow this approach of using app connectors as it eliminates any inbound ports being opened which is always a plus 🙂some vendors also offer ICMP as well now.
LOL! As a past Corgi owner and D&D player/DM, I love that shirt!!!
perfect! got something great for tonight, Thank you!😀
Wow. I was literally just looking for this!!
I’ll be factoring this into finally removing the need for my last remaining subset of users on VPN. Thanks for these videos, it really does help me be more aware of what is out there.
Very welcome!
When's this shirt available on the store? Please take my money (and give it to the charity.)
I didn’t design this one, I think I got it off Amazon.
What about hybrid entraid devices? Will devices lose domain trust or will this satisfy check in periods
Would have to test this out since connectivity comes up only after user logs in. after user logs on, if all app segments are working, then it should sync the domain policies, etc.
Another awesome video!
Is there support for resources on AzureADDS?
This is all about enabling ports in a secure manner so shouldn’t matter
Global Secure Access client for MacOS and iOS would be amazing.
This is on the very near roadmap for public preview.
@@NTFAQGuy Is there a roadmap somewhere I could look at? Currently in POC and would love to know when what is planned
How in the heck do you stay so on top of MS advancement John wow
It’s my hobby and job :)
it almost seems magic
Good Morning John
Hey, when will Microsoft Entra Private Access general available / GA ?
🤷♂️
Superb as usual.
Thank you! Cheers!