📄️ Overview Network Pillar
Implementation Effort: High
📄️ Stop buying or building Active Directory dependent apps
Implementation Effort: Low
📄️ Enable QuickAccess and Deploy Connectors
Implementation Effort: Medium
📄️ Migrate key remote apps to QuickAccess & enable private DNS
Implementation Effort: Medium
📄️ Secure remote app access with modern security controls (MFA/Device Trust)
Implementation Effort: Low
📄️ Bring all legacy apps under full governance lifecycle
Implementation Effort: High
📄️ Complete migration of apps to Private Access or Application Proxy
Implementation Effort: Medium
📄️ Header Decommission VPN infrastructure
Implementation Effort: Low
📄️ Design and Implement SDWAN capabilties
Implementation Effort: High
📄️ Roll out GSA client to all managed devices
Implementation Effort: Low
📄️ Discover App Usage and plan for App Segmentation
Implementation Effort: Medium
📄️ Define Segmentation Strategy
Implementation Effort: Medium
📄️ Rollout App Segments for Macro Segmentation
Implementation Effort: Medium
📄️ Secure sensitive legacy AppAccess with PIM
Implementation Effort: Low
📄️ Rollout / Implement Application Segments for Macro-segmentation based on business needs
Overview
📄️ Implement process level Microsegementation
Overview
📄️ Implement DC Agent for Microsoft Entra Private Access
Overview
📄️ Define legacy protection and enforcement
Overview
📄️ Implement intelligent Local Access
Overview
📄️ Monitoring: Leverage and monitor Traffic Logging
Implementation Effort: Low
📄️ Monitoring: Review GSA Audit Logs
Implementation Effort: Medium
📄️ Monitoring: Export Traffic and Audit logs to external SIEM solution
Implementation Effort: Medium
📄️ Monitoring: Leverage GSA Azureworkbooks
Implementation Effort: Low
📄️ Monitoring: Leverage GSA Sentinel integration (MS Roadmap)
Overview
📄️ Monitoring: Monitor and scale out
Implementation Effort: Medium
📄️ Define your SaaS app and Internet Access protection policy
Implementation Effort: Medium
📄️ Base SWG: Onboard M365 traffic
Implementation Effort: Low
📄️ Base SWG: Update Conditional Access policies to leverage Compliant Network controls
Implementation Effort: Low
📄️ Base SWG: Review and Redesign existing Internet Access filtering policies
Implementation Effort: Medium
📄️ Base SWG: Onboard Internet Access Secure Web Gateway capabilities
Overview
📄️ Base SWG: Enable and configure URL Filtering capabilities (MS Roadmap)
Overview
📄️ Base SWG: Rollout advanced filtering and inspection (MS Roadmap)
Overview
📄️ Roll out GSA client to all managed devices
Implementation Effort: Low
📄️ Protect M365: Implement Universal Tenant Restrictions to protect Auth and Data Plane for M365
Implementation Effort: Medium
📄️ Protect M365: Enable GSA Signaling for Conditional Access
Implementation Effort: Low
📄️ Protect M365: Implement for Guest Access in AVD and W365 (MS Roadmap)
Overview
📄️ Advanced SWG: Enable and Configure TLS inspection
Overview
📄️ Advanced SWG: Enable and configure Network DLP capabilties (MS Roadmap)
Overview
📄️ Advanced SWG: Implement Threat Intelligence filtering (MS Roadmap)
Overview
📄️ Advanced SWG: Configure 3rd Party inspection capabilities - Advanced Threat Protection (ATP)
Implementation Effort: Medium
📄️ Advanced SWG: Implement Cloud Firewall capabilities (MS Roadmap)
Overview
📄️ Advanced SWG: Design and Implement SDWAN capabilties
Implementation Effort: High
📄️ Agentless SWG: Onboard M365 traffic remote or agentless network segments
Implementation Effort: Medium
📄️ Agentless SWG: Update CA policies to leverage Compliant Network controls
Implementation Effort: Low