Base SWG: Onboard M365 traffic

Implementation Effort: Low

User Impact: Low

Overview

To enable the Base secure web gateway (SWG) capabilities, organizations should start by onboarding the Microsoft365 traffic using Microsoft Entra Internet Access for Microsoft services. Microsoft Entra Internet Access for Microsoft services enhances Microsoft Entra ID capabilities with direct connectivity to supported Microsoft services, improving security, performance, and resilience.

Key capabilities:

• Connect to Microsoft services directly using the prepopulated Microsoft traffic forwarding profile, either from the desktop client or from a remote network, such as a branch location.
• Simplify Conditional Access policy configurations by requiring Compliant Network check for any Microsoft Entra ID integrated application with Microsoft Entra ID Conditional Access.
• Apply Universal Tenant Restrictions to reduce the risk of data exfiltration to unauthorized foreign tenants or personal accounts.
• Increase the accuracy of threat detections with source IP restoration for the Microsoft Entra ID sign in logs.
• Detailed network traffic logs for Microsoft traffic (including enforced policy details). Dashboards such as relationship maps between users, devices and endpoints, cross tenant access, and top network destination in use.

Reference

• Microsoft Entra Internet Access for Microsoft Services
• Microsoft traffic profile overview
• Microsoft Global Secure Access deployment guide for Microsoft Traffic