跳到主要内容

Advanced SWG: Enable and Configure TLS inspection

Overview

TLS inspection plays a pivotal role in Zero Trust architectures by decrypting and analyzing encrypted traffic. Since the majority of network data is now encrypted, traditional security tools may be blind to malicious content, policy violations, or sensitive data exfiltration hidden within this traffic. TLS inspection enables organizations to apply deep and granular security controls, such as advanced threat detection, content filtering, and compliance monitoring, even for encrypted sessions.

The Transport Layer Security (TLS) protocol uses certificates at the transport layer to ensure the privacy, integrity, and authenticity of data exchanged between two communicating parties. While TLS secures legitimate traffic, malicious traffic like malware and data leakage attacks can still hide behind encryption. The Microsoft Entra Internet Access TLS inspection capability provides visibility into encrypted traffic by making content available for enhanced protection, such as malware detection, data loss prevention, prompt inspection, and other advanced security controls.

TLS inspection decrypts and analyzes encrypted network traffic to detect threats, enforce security policies, and prevent data exfiltration. Since most internet traffic is encrypted, inspecting network traffic is crucial for comprehensive security.

A network admin can bring their own trusted certificate for Microsoft Global Secure Access to use for TLS termination. Create and apply "Inspect all" or "Bypass all" TLS Policies. Selectively enable TLS Inspection for users and groups via Conditional Access policies. Selectively enable TLS Inspection based on other Conditional Access conditions. Base web categories on the full URL in addition to the FQDN.

By leveraging TLS inspection as an enabler technology, organizations can uphold Zero Trust principles—ensuring visibility, enforcing security policies, and reducing risk across all traffic, not just unencrypted flows.

Reference