Activate GSA
Configure initial product
Follow the steps in this section to configure SSE through the Microsoft Entra admin center and install the Global Secure Access Client on your Windows 10/11 client device.
Configure Microsoft SSE through the Microsoft Entra admin center
Activate Microsoft SSE through the Microsoft Entra admin center and make initial configurations that are requirements for this PoC.
- Open the Microsoft Entra admin center using an identity assigned the Global Secure Access Administrator role.
- Go to Global Secure Access > Get started > Activate Global Secure Access in your tenant. Select Activate to enable SSE features in your tenant.
-
Go to Global Secure Access > Connect > Traffic forwarding. Turn on Microsoft profile, Private access profile, and Internet access profile. Traffic forwarding enables you to configure the type of network traffic to tunnel through the Microsoft's Security Service Edge Solution services. You set up traffic forwarding profiles to manage types of traffic. The Microsoft traffic profile is for Microsoft Entra Internet Access for Microsoft Traffic. Microsoft's Security Service Edge solution only captures traffic on client devices that have Global Secure Access Client installed.
When you enable the Internet Access forwarding profile, you should also enable the Microsoft traffic forwarding profile for optimal routing of Microsoft traffic.
-
Enable source IP restoration, go to Global Secure Access > Connect > Settings > Session management > Adaptive Access and turn on Enable Global Secure Access signaling in Conditional Access. Source IP restoration is required to for Conditional Access policies that you will configure as part of this proof of concept.
Install Global Secure Access Client on your Windows 10/11 client device
Microsoft Entra Internet Access for Microsoft Traffic and Microsoft Entra Private Access use the Global Secure Access Client on Windows devices. This client acquires and forwards network traffic to Microsoft's Security Service Edge Solution.
-
Make sure your Windows device is Microsoft Entra joined or hybrid joined.
-
Sign in to the Windows device with a Microsoft Entra user role that has local admin privileges.
-
Open the Microsoft Entra admin center using an identity assigned the Global Secure Access Administrator role.
-
Go to Global Secure Access > Connect > Client Download. Select Download client and complete the installation.
-
In the Window taskbar, the Global Secure Access Client first appears as disconnected. After few seconds, you'll be prompted to sign in.
-
In the Window taskbar, double-click the Global Secure Access Client icon and verify Connected status.
-
In the Window taskbar, right-click the Global Secure Access Client.
-
Select Advanced Diagnostics to view Global Secure Access Client Connection Diagnostics. Click Health check and verify that all checks show Yes status.