Roll out GSA client to all managed devices
Implementation Effort: Low
User Impact: Low
Overview
Rolling out the Microsoft Entra Global Secure Access (GSA) client to all managed devices is a foundational step in enabling secure, identity-driven access to both corporate and internet resources. The GSA client provides organizations with granular control over network traffic at the endpoint, allowing for secure routing of specific traffic profiles through Microsoft Entra Internet Access and Private Access. This approach aligns with Zero Trust and Secure Access Service Edge (SASE) strategies by ensuring that connectivity from endpoints to applications is always verified, monitored, and policy-driven.
To deploy the GSA client, organizations should:
- Download the latest GSA client from the Microsoft Entra admin center and package it for deployment (such as with Microsoft Intune for Windows devices).
- Define security groups to target the correct set of users or devices for installation.
- Follow platform-specific installation guidance for Windows, Android, and other supported operating systems.
- Configure the client to enable required traffic forwarding profiles, such as Microsoft traffic, internet access, or private access.
By rolling out the GSA client across all managed devices, organizations benefit from deep visibility, real-time policy enforcement, and improved protection against evolving threats—whether users are on-site or remote.
For detailed, step-by-step instructions, see the References section
Reference
Windows based Global Secure Access Client
non-Windows OS clients: