Active Directory Access with Microsoft Entra Private Access

Views: 21,325

John Savill's Technical Training


Using Microsoft Entra Private Access to talk to AD-trusted resources no matter where they may be, and how to integrate the protections of conditional access and more.
At the time of recording, UDP and private DNS support is in private preview, which you sign up for to get access.
📽️ Entra Private Access Deep Dive - • Deep Dive on Microsoft...
🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:23 - Entra-joined resource access
01:14 - Accessing AD-trusting resources
04:09 - Line-of-sight
04:54 - Private Access requirements
08:07 - DNS configuration
09:24 - DNS experience
11:02 - Talking to domain services
12:13 - Required ports
13:14 - Configuring Private Access for AD
14:38 - Configuration in Entra
16:19 - Viewing the tickets and experience
18:40 - The communication flow and adding conditional access
20:29 - Summary
21:27 - Close
▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬
► Whiteboard:
🔗 github.com/johnthebrit/Random...
► Entra Joined access to AD resource documentation:
🔗 learn.microsoft.com/entra/ide...
► AD required ports:
🔗 learn.microsoft.com/troublesh...

Comments: 35
@NTFAQGuy 3 months ago
Hey everyone, let's talk to AD resources without a VPN! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzfaq.info/get/bejne/rJuSaJZetc2pnX0.html for a demo of using this feature. Thanks for watching! 🤙
@FotisParperis 3 months ago
As always such a great explanation John and definitely an eye opener regarding different options available for multiple configurations. The best part of this (as probably most will agree) is the fact that no direct ports are opened, and the integration with the conditional access element (which from my perspective I believe it is massive). To top this up complying with ZTNA makes this an awesome solution. I would even consider the option of utilising Entra Private access as part of a migration of laptops/desktops to Microsoft Entra (without hybrid joined) and if during that time there are certain pre-requisites that dictate the need for on-premises AD to be part of this, then it will still satisfy this option too. The options/possibilities are endless.
@DolanTheProDuck 3 months ago
Wow. I was literally just looking for this!!
@VirtualPackets 3 months ago
Great walkthrough John. Most of the SSE/ZTNA vendors seem to follow this approach of using app connectors as it eliminates any inbound ports being opened, which is always a plus 🙂 Some vendors also offer ICMP as well now.
@yulaw3289 3 months ago
perfect! got something great for tonight, Thank you!😀
@namsabjm 3 months ago
Great explanation! Thank you!
@KenPatterson-vw9yj 3 months ago
LOL! As a past Corgi owner and D&D player/DM, I love that shirt!!!
@NZScottie 3 months ago
I’ll be factoring this into finally removing the need for my last remaining subset of users on VPN. Thanks for these videos, it really does help me be more aware of what is out there.
@NTFAQGuy 3 months ago
Very welcome!
@ggates5859 3 months ago
Superb as usual.
@NTFAQGuy 3 months ago
Thank you! Cheers!
@Teramos 3 months ago
So many nice features... But I'm afraid it will be behind a 10$ per User/Month paywall after preview :(
@artisticcheese 3 months ago
If you look at costs of other commercial products for ZTNA, this is actually pretty cheap
@AzureCloudCowboy 3 months ago
Good Morning John
@ThorstenSauter 3 months ago
Thanks for the video, John! I'm guessing we'd have to create multiple GSA applications for DCs in different locations, since the connector group is bound to the application?
@NTFAQGuy 3 months ago
Right, for the different IPs accessible use different apps via different connectors.
@martyjames491 3 months ago
Another awesome video! Is there support for resources on AzureADDS?
@NTFAQGuy 3 months ago
This is all about enabling ports in a secure manner so shouldn’t matter
@tomstaelens7755 3 months ago
it almost seems magic
@gavinhelyar 3 months ago
Thanks John this is a great video, but you didn’t say that this is currently only available if you have signed up to the Private Preview. The Public Preview doesn’t support UDP yet, so you don’t get the Private DNS under Quick Access
@NTFAQGuy 3 months ago
In the Entra Private Access video I think I mentioned that.
@dinndorf2011 3 months ago
Yea hopefully soon this will be in the public preview
@AlexP-sy8rr 3 months ago
What about hybrid Entra ID devices? Will devices lose domain trust or will this satisfy check in periods?
@NTFAQGuy 3 months ago
Would have to test this out since connectivity comes up only after user logs in. After user logs on, if all app segments are working, then it should sync the domain policies, etc.
@Wahinies 3 months ago
How in the heck do you stay so on top of MS advancement John wow
@NTFAQGuy 3 months ago
It’s my hobby and job :)
@cyclesix 3 months ago
Global Secure Access client for MacOS and iOS would be amazing.
@NTFAQGuy 3 months ago
This is on the very near roadmap for public preview.
@lesserleeking 3 months ago
@NTFAQGuy Is there a roadmap somewhere I could look at? Currently in POC and would love to know when what is planned
@dave0077 3 months ago
When's this shirt available on the store? Please take my money (and give it to the charity.)
@NTFAQGuy 3 months ago
I didn’t design this one, I think I got it off Amazon.
@netplansanzeigen 3 months ago
Hey, when will Microsoft Entra Private Access be generally available / GA?
@NTFAQGuy 3 months ago
🤷‍♂️