Hang tight while we fetch the video data and transcripts. This only takes a moment.
Connecting to YouTube player…
Fetching transcript data…
We’ll display the transcript, summary, and all view options as soon as everything loads.
Next steps
Loading transcript tools…
Configure Entra Private Access and Quick Access in Microsoft Entra Global Secure Access | Microsoft Security | YouTubeToText
YouTube Transcript: Configure Entra Private Access and Quick Access in Microsoft Entra Global Secure Access
Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.
Share:
Video Transcript
Video Summary
Summary
Core Theme
This video demonstrates how to configure Microsoft Entra Private Access and Quick Access to enable secure, VPN-less access to on-premises resources for remote users.
Mind Map
Click to expand
Click to explore the full interactive mind map • Zoom, pan, and navigate
>> [music]
>> Hello, everyone, and welcome to our Global Secure
Access video series. My name is Mohammad Zmaili,
and I'm a Product Manager in Identity and Network Access
in Customer Experience Engineering team.
Let's get started.
All right. Let's dive in. First, we will be enabling and
configuring Entra private access. Then we will be
downloading and installing private network connector.
Next, we will be configuring Quick access as VPN
replacement. And finally, we will be installing Global Secure
Access client and accessing on-premises shared folder
from a remote device.
First of all we need to open Entra portal by going to
entra.microsoft.com. And here, we need to sign in using a
user account who has either Global administrator role or
both Global Secure Access administrator and Application
administrator roles. So let's sign in.
In Entra portal, we can
collapse identity and go to Global
Secure access. If this is your first time accessing Global
Secure Access on your tenant, you may need to activate it,
but it's already activated in our case here.
So next step is to enable
private access profile. To do that,
we click on Connect, Traffic forwarding, and we enable
Private Access profile. Okay.
Then we need to configure
Private Access Profile assignments.
To do that ,we click on View under User End Group
Assignments, and we need to add our Remote Users group.
Assign.
Now the Private Access profile is enabled, and user
assignment has been configured successfully.
Next step is to install Private Network Connector.
To do that, we click on Connectors,
and we click on Download Connector Service.
Accept terms and download. And open Private Network
Connector Installer.
Before installing the connector, we need to make sure that
TLS 1.2 is enabled on our server. To do that, we can run
this PowerShell script, which is already available in our
public documentation.
Also, we can verify TLS 1.2 registry keys by going to this
path. As we can see here, TLS 1.2 is already enabled for
both client and server. If you just run the PowerShell script,
you need to restart the server. Also, you need to make
sure Port 80 and 443 are open for outbound traffic before
installing the connector.
Now, let's go back to our connector client.
We click on Agree. Install.
We sign in to Entra ID.
Now, Microsoft Entra Private Connector has been installed
successfully. And to verify the network connector status,
we refresh this page.
As we can see here the connector is active.
Next is to configure Quick Access. To do that, again,
we collapse identity, and we go to Global Secure Access
application and click on Quick Access.
We give Quick Access a name, for example, Quick Access.
And we need to configure application segment.
To do that, we click on Add Quick Access Application
Segment. And you can configure application segment by
IP address, full qualified domain
name, or IP address range.
In our case here, we are going to specify the subnet that
has all servers that we want remote users to access.
So we select IP address. And
we add the subnet for our servers.
Then we need to specify the ports. In our case here,
we are going to open all ports. And keep in mind to
exclude Port 53 from the ports because DNS resolution will
be taking care of private DNS enable. Both TCB and UDB
protocols. Apply.
Also, we need to add our local domain. To do that,
we click, again, on Add Quick Access Application Segment.
This time we are going to
select full qualified domain name,
and we add our local domain name. Make sure to add star
before the domain name. Again, we are going to Add All
Ports except DNS port, and we select both TCB and UDB
ports. Apply.
Now we click on Save.
Next, we need to enable
Private DNS. To do that, we click
on Private DNS tab and select Enable Private DNS checkbox.
Then we add our DNS suffix.
We click on Add, then Save one more time.
Now, we need to configure Quick Access assignments.
To do that, we click on Quick Access one more time.
Now, we can see Users and Groups tab has been added.
So we click on it. And we Add Remote Users Group.
Just like Private Access profile.
We select and click on Assign.
Now, Quick Access is configured successfully, and the
Quick Access Assignment has been configured successfully
as well. Next step is to install GSA client on client machine.
We are currently on end user's device who's working from
home, and we need to install Global Secure Access client
application. This can be done automatically using your
MDM solution like Microsoft Intune, or this can be done by
installing it manually.
For our demo here, we are going to do it manually.
You can get GSA client
application from Entra portal under
Global Secure Access Client Download.
For our demo here, it's already on our desktop,
so let's install it.
Agree and install.
Yes.
Global Secure Access Client Application has been installed
successfully, and as we can see here, user already signed
in successfully seamlessly without the need to enter their
credentials. Keep in mind, client's device should be either
Entra join or hybrid Entra join. In our case here, we can
see the device is already connected to Entra ID as Entra
join device. Currently, we have the client application
installed, and we need to resolve our file server on local
active directories. To do that, we run Resolve-Dns
PowerShell command.
And as we can see here, the DNS was able to resolve the
file server successfully.
Now, we need to open
shared folder on this file server.
To do that, we open File Explorer, and we add the shared
folder path. And as we can see here, remote user was able
to access corporate data successfully.
That's it for this video. [music]
We hope you find it useful.
For further resources, please see the description below.
>> [music]
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
