
Introduction to Microsoft's Security Service Edge Solution Deployment Guide for Proof of Concept

Overview

Microsoft's identity-centric Security Service Edge solution converges network, identity, and endpoint access controls so that you can secure access to any app or resource, from any location, device, or identity. It enables and orchestrates access policy management for employees, business partners, and digital workloads. You can continuously monitor and adjust user access to your private apps, SaaS apps, and Microsoft endpoints in real time if permissions or risk level change.


Business value

With the ongoing rise of a hybrid and modern workforce, it's important to recognize and adopt new ways of implementing security. Strained and challenged traditional corporate networks result in higher security risks and poor user experience. Legacy approaches present key challenges:


  • Inconsistent and inefficient security controls

  • Security gaps from siloed solutions and policies

  • Higher operational complexities and cost

  • Limited resources and technical skills

Microsoft's Security Service Edge solution helps to protect all stages of digital communication. It leverages Microsoft's vast global network to minimize latency and boost employee productivity with fast and seamless access to apps and resources.


Built on Zero Trust principles, this easy-to-deploy SSE solution protects against threats with comprehensive, cloud-delivered security services: Zero Trust Network Access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), and deep integrations across the Microsoft security ecosystem. Unified identity and network access controls help you to easily manage granular access policies in one place to eliminate gaps in defenses and reduce operational complexity.


The unified Zero Trust architecture and policy engine simplify access control and technology management for directory, single sign-on (SSO), federation, role-based access control (RBAC), and proxy. To enforce access to your data, consistently apply a centralized policy across corporate resources such as identity, data, network plus infrastructure, and apps across cloud, on-premises, Internet of Things (IoT), and operational technology (OT).


  • Enforce unified adaptive access controls. Eliminate gaps in your defenses and protect access end-to-end by extending Microsoft Entra Conditional Access and continuous access evaluation (CAE) to any application, resource, or other network destination.

  • Simplify network access security. Minimize risk from threats and escape the complexity and cost of traditional stand-alone network security tools with comprehensive, simple to deploy, cloud-delivered security services.

  • Deliver a great user experience anywhere and boost hybrid work productivity. Provide fast and seamless access through a globally distributed secure network edge with Points of Presence (PoP) closest to the user. Eliminate extra hops to optimize traffic routing to apps and resources on-premises, across clouds, and anywhere in between.

  • Integrated fabric. Converged identity and network access controls secure access to all apps and resources.



Microsoft's Security Service Edge solution features

Microsoft Entra Internet Access helps you to secure access to all internet, SaaS, and Microsoft apps and resources while protecting your organization against internet threats, malicious network traffic, and unsafe or noncompliant content. Microsoft Entra Internet Access unifies access controls in a single policy to close security gaps and minimize cyberthreat risk. It simplifies and modernizes traditional network security to protect users, apps, and resources. Advanced capabilities include universal access controls, universal tenant restriction, token protection, web content filtering, cloud firewall, threat protection, and Transport Layer Security (TLS) inspection.

Microsoft Entra Internet Access for Microsoft traffic features adaptive access, robust data exfiltration controls, and token theft protection. Resiliency through redundant tunnels provides best-in-class security and granular visibility for Microsoft services, the world's most widely adopted productivity app. Choose what works best for your organization with flexible deployment options: a complete SSE solution by Microsoft or a side-by-side deployment with other SSE solutions. For example, you can deploy Microsoft Entra Internet Access for Microsoft traffic to gain unique security, visibility, and optimized access for Microsoft apps while keeping your existing SSE solution for other resources. Microsoft Entra Internet Access for Microsoft traffic offers scenarios that enhance security and improve your Zero Trust architecture and end user experience.

  • Protect against data exfiltration by deploying tenant restrictions v2 and enforcing compliant network location with Conditional Access (see Sample PoC scenario: protect against data exfiltration).

  • Restore source IP address from original egress IP to enhance security logs, maintain compatibility with configured named locations in Conditional Access, and retain identity protection location-related risk detections (see Sample PoC scenario: source IP address restoration).

Microsoft Entra Private Access helps you to secure access to private apps and resources for users anywhere with ZTNA. Built on Zero Trust principles, Microsoft Entra Private Access removes the risk and operational complexity of legacy virtual private networks (VPN) while boosting user productivity. Replace legacy VPNs with ZTNA to minimize the risk of implicit trust and lateral movement. Quickly and securely connect remote users from any device and any network to private apps: on-premises, across clouds, and in between. Eliminate excessive access and stop lateral threat movement with automatic app discovery, easy onboarding, adaptive per-app access control, granular app segmentation, and intelligent local access.

Prepare for your Proof of Concept project

Technology project success depends on managing expectations, outcomes, and responsibilities. Follow the guidance in this section to ensure the best results from your Proof of Concept (PoC) project.

Identify stakeholders

When beginning your deployment plans, include your key stakeholders. Identify and document stakeholders, roles, and responsibilities. Titles and roles can differ from one organization to another; however, the ownership areas are similar.


 
 
 
