Integrate Netskope Advanced Threat Protection and Data Loss Prevention

Implementation Effort: Medium

User Impact: High

Overview

In a Zero Trust security model, organizations must continuously validate every access request and inspect all traffic—including encrypted traffic—to detect threats and prevent data exfiltration. While Microsoft Entra Internet Access provides core Secure Web Gateway capabilities, some organizations require advanced threat protection and data loss prevention features that extend beyond native capabilities.

The integration between Microsoft Global Secure Access and Netskope's Security Service Edge (SSE) solution combines Microsoft's identity-centric security approach with Netskope's advanced threat detection and comprehensive DLP capabilities. This integration enables organizations to enforce Zero Trust principles while leveraging specialized threat protection engines for real-time malware detection, zero-day vulnerability protection, and granular data loss prevention—all delivered through identity-aware Conditional Access policies.

Key Zero Trust outcomes for Netskope integration:

  • Real-time advanced threat protection: Detect and block malware, zero-day vulnerabilities, and sophisticated threats using Netskope's ATP engines (Fast Scan for real-time T+0 detection, Deep Scan for thorough T+1 hour analysis)
  • Comprehensive Data Loss Prevention: Enforce granular DLP policies based on predefined profiles (PCI, PII, HIPAA, etc.) or custom profiles tailored to organizational requirements
  • Identity-aware policy enforcement: Deliver ATP and DLP policies through Conditional Access, ensuring user and context-aware security controls based on identity, device compliance, risk, and location
  • Deep packet inspection via TLS termination: Inspect encrypted HTTPS traffic to detect threats and policy violations hidden within encrypted sessions (prerequisite for ATP/DLP)
  • Granular activity-based controls: Apply policies based on specific activities (upload, download, browse) and destinations (categories, applications, FQDNs)
  • Comprehensive monitoring and threat visibility: Access enriched traffic logs with threat metadata, alerts dashboard, and detailed threat reports including STIX reports and detonation images

Implementation steps:

  • Activate Netskope offer through Global Secure Access marketplace (30-day free trial or private offer)
  • Configure TLS inspection with trusted certificate (required prerequisite before purchasing Netskope offer)
  • Enable Internet Access traffic forwarding profile and assign users/groups
  • Create Netskope ATP policies with category/application-based rules and threat severity actions
  • Create Netskope DLP policies with predefined or custom DLP profiles for data protection
  • Link ATP, DLP, and TLS inspection policies to security profiles (do not use baseline security profile)
  • Create Conditional Access policies targeting "All internet resources with Global Secure Access" and assign security profiles
  • Validate configuration and test ATP policies (using EICAR test file) and DLP policies (using test data files)
  • Monitor enforcement through Traffic logs (filter by vendor: Netskope) and Alerts dashboard
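An added example, not part of the original guidance and not Microsoft or Netskope tooling: a Python script that builds the two artifacts the validation step calls for, the EICAR test file for the ATP policy and a file of synthetic card numbers for a PCI-style DLP policy. The file names, the `411111` prefix, the column names, and the row count are assumptions; whether a given DLP profile triggers depends on its match thresholds.

```python
"""Build validation artifacts for ATP and DLP policy tests (added example)."""
import csv
import io
from pathlib import Path

# Standard 68-byte EICAR antivirus test string, kept in two parts so this
# source file is not itself flagged by an endpoint scanner.
_EICAR_PARTS = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$", "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def eicar_bytes() -> bytes:
    """Return the EICAR test payload (harmless; detected by design)."""
    return "".join(_EICAR_PARTS).encode("ascii")


def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def synthetic_pans(count: int, prefix: str = "411111") -> list[str]:
    """Constructed 16-digit, Luhn-valid numbers (assumed test prefix, not real accounts)."""
    bodies = (prefix + str(n).zfill(15 - len(prefix)) for n in range(count))
    return [b + luhn_check_digit(b) for b in bodies]


def dlp_test_csv(rows: int = 20) -> str:
    """CSV body with constructed cardholder rows for a PCI-style DLP test."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["cardholder", "card_number", "expiry"])  # assumed column names
    for i, pan in enumerate(synthetic_pans(rows)):
        writer.writerow([f"Test User {i}", pan, "12/30"])
    return buf.getvalue()


if __name__ == "__main__":
    Path("dlp_pci_test.csv").write_bytes(dlp_test_csv().encode("ascii"))
    Path("atp_test.com").write_bytes(eicar_bytes())  # local AV may quarantine this on write
```

Endpoint antivirus may remove the EICAR file before it is ever uploaded, so a missing file on disk is not evidence that the ATP policy acted; confirm enforcement in the Traffic logs and Alerts dashboard.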

Important prerequisites:

  • TLS inspection must be configured before purchasing Netskope offer from marketplace
  • Firefox is not supported in this preview
  • Baseline security profile does not support ATP or DLP policies—use standard security profiles with Conditional Access

Custom DLP capabilities: Organizations can create custom DLP profiles in the Netskope admin center by configuring SAML SSO integration. Custom profiles sync automatically to the Microsoft Entra admin center and can be used in DLP policies alongside predefined profiles, enabling tailored data protection aligned with specific organizational policies and compliance requirements.