Define legacy protection and enforcement

Implementation Effort: Medium

User Impact: Low

Overview

Design and implement fine-grained on-premises protection with Entra Private Access

Imagine a scenario where an employee is working on-premises at their company's headquarters. They need to access the company's DCs to retrieve some important information for their project or make some changes. However, when they try to access the DC directly, they find that access is blocked. This is because the company has enabled privileged access, which restricts direct access to the DC for security reasons. Instead of accessing the DC directly, the employee's traffic is intercepted by the Global Secure Access Client and routed to the Microsoft Entra ID and Private Access Cloud for authentication. This ensures that only authorized users can access the DC and its resources.

Reference

• How to configure per-app access using Global Secure Access applications
• Apply Conditional Access policies to Private Access apps
• Microsoft Entra Private Access for on-prem users