Microsoft Entra ID · Global Secure Access
Global Secure Access Administrator
Can manage Microsoft Entra Private Access and Internet Access, configure traffic policies, and manage network security features.
Scope: Full administrative control over Global Secure Access (SSE) including Private Access and Internet Access
Permissions
- Configure Private Access apps
- Manage Internet Access policies
- Configure traffic forwarding
- Manage connector groups
- View network traffic logs
- Configure security profiles
- Manage compliant network policies
Common use cases
- Zero Trust Network Access configuration
- Private app access without VPN
- Internet traffic security policies
- Conditional Access integration
- Network traffic monitoring
- Secure access service edge (SASE) management
Best practices
- Start with Private Access for internal apps
- Integrate with Conditional Access policies
- Monitor traffic logs for anomalies
- Configure appropriate traffic profiles
- Use compliant network checks in CA
- Document app segment configurations
Security considerations
- Controls network-level access to resources
- Traffic policies affect connectivity
- Private Access replaces VPN - critical infrastructure
- Internet Access affects web filtering
- Monitor for policy misconfigurations
- This is a PRIVILEGED role due to network access control