[AZURE] Security Service Edge (SSE) and Microsoft Entra ID

Hello everyone. Microsoft Azure is changing its approach to cloud security and has implemented the new Security Service Edge (SSE) solution. In this article, we shall discuss “[AZURE] Security Service Edge (SSE) and Microsoft Entra ID”.
In today’s cybersecurity landscape, traditional perimeter-based security models are no longer sufficient to meet the demands of cloud-first, hybrid, and highly distributed environments. Microsoft has embarked on an evolution of its security strategy by introducing the Security Service Edge (SSE) concept and consolidating identity services under the Microsoft Entra brand.
In this context, Azure Active Directory (Azure AD) has been renamed Microsoft Entra ID, marking not merely a change in name but a conceptual shift toward a more integrated, Zero Trust–oriented, and cloud-native identity management approach. Identity becomes the new security perimeter, tightly integrated with SSE services such as Conditional Access, application protection, access control, and threat prevention.
This blog aims to provide a technical and practical analysis of the integration between Security Service Edge and Microsoft Entra ID, clarifying what changes compared to Azure AD, the architectural, operational, and governance impacts, and how to best leverage these technologies to enhance the security posture of modern organisations.
Through in-depth discussions, real-world scenarios, and best practices, we will explore how Microsoft Entra serves as the core of the Zero Trust strategy and how SSE contributes to protecting users, devices, and applications wherever they are located.
What is the Security Service Edge?
Security Service Edge, or SSE, as defined by Gartner in the Hype Cycle for Cloud Security in 2021, is the security component of SASE that protects access to the web, SaaS applications and private applications. It includes advanced security features such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Firewall as a Service (FWaaS).
Explanation of Security Service Edge (SSE)
With the emergence of hybrid work environments, users are connecting from anywhere and from any device, accessing business applications and sensitive data directly in the cloud. As the traditional security perimeter continues to dissolve, security functions must also move to the cloud.
SSE enables organisations to apply consistent security in the cloud and protect access to applications distributed across multiple clouds, data centres and software-as-a-service applications.
An SSE solution, when combined with an advanced SD-WAN, creates a Secure Access Service Edge (SASE) architecture that significantly improves the end-user experience for applications hosted in the cloud.
How does SSE work?
An SSE solution protects remote access to the web, cloud services and private applications. Traditionally, companies centrally hosted their applications in data centres, facilitating a range of security inspections such as firewalls and IDS/IPS.
With the shift of applications to the cloud and remote work initiatives, companies struggle to protect applications from external threats as they operate in distributed environments outside the traditional security perimeter.
Existing network infrastructures prevent IT departments from monitoring all connections between users and SaaS applications. Furthermore, routing traffic destined for the cloud to the data centre for security inspection has a significant and negative impact on application performance and user experience.
Security Service Edge solutions are services delivered in the cloud that enable organisations to perform advanced security inspections closer to endpoints, including users and devices. They create a dynamic security perimeter that provides threat protection, data security, security monitoring and access control regardless of where users connect.
Components of SSE
Security Service Edge (SSE) comprises four basic security components. See below for more information.
SASE = SD-WAN + SSE

ZTNA
This assumes that, by default, no user can access anything until proven otherwise. Unlike a VPN, which offers connected users broad access to the corporate network, ZTNA limits user access, via a trust broker, to only specific applications or microsegments approved for the user.
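The contrast between VPN and ZTNA access described above, as an added example that is not part of the original article. The application names, addresses, users and the two trust signals (MFA and device compliance) are constructed assumptions, not Microsoft Entra APIs.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed sample data: network, app names and addresses are hypothetical.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
APPS = {"payroll": "10.1.2.10", "wiki": "10.1.3.20", "build": "10.1.4.30"}

# Per-user application grants held by the trust broker (hypothetical users).
# A user missing from this table is granted nothing.
GRANTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}

@dataclass(frozen=True)
class Request:
    user: str
    device_compliant: bool  # assumed trust signal
    mfa_passed: bool        # assumed trust signal
    app: str

def vpn_reachable(connected: bool) -> set[str]:
    """VPN model: once connected, every app on the routed network is reachable."""
    if not connected:
        return set()
    return {a for a, ip in APPS.items() if ipaddress.ip_address(ip) in CORP_NET}

def ztna_decide(req: Request) -> tuple[bool, str]:
    """ZTNA model: deny unless every check passes for this one application."""
    if req.app not in APPS:
        return False, "unknown application"
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.app not in GRANTS.get(req.user, set()):
        return False, "application not approved for user"
    return True, "allowed"

def ztna_reachable(user: str, device_compliant: bool, mfa_passed: bool) -> set[str]:
    """Apps the broker would let this user reach, evaluated one app at a time."""
    return {a for a in APPS
            if ztna_decide(Request(user, device_compliant, mfa_passed, a))[0]}

if __name__ == "__main__":
    print("VPN, any connected user:", sorted(vpn_reachable(True)))
    print("ZTNA, bob:", sorted(ztna_reachable("bob", True, True)))
    print("ZTNA, alice on non-compliant device:",
          sorted(ztna_reachable("alice", False, True)))
```
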
CASB
It identifies and detects sensitive data in cloud applications, including cloud-to-cloud access, and enforces security policies such as authentication and Single Sign On (SSO). It prevents users from signing on and using cloud applications that are not authorised by the organisation’s IT and security policies.
SWG
This protects organisations from web-based threats using various defence techniques. It interposes itself between the user and a website, so that users connect to the SWG solution, which performs several security inspections, including URL filtering, malicious code detection and web access control, and then redirects traffic to the website.
FWaaS
This is a cloud-based firewall that analyses traffic from multiple sources. FWaaS consolidates traffic from multiple locations managed by the organisation, including headquarters, remote branches and mobile users.
It often supports critical access controls such as IDS/IPS, advanced threat prevention, URL filtering and DNS security.
DLP
In addition to the main functionalities mentioned above, other security services such as Data Loss Prevention (DLP), Remote Browser Isolation (RBI) and sandboxing can be offered.

Azure Active Directory (Azure AD) now Microsoft Entra ID
Microsoft has unveiled two new additions to its Entra product family, a suite of cloud-based solutions for enterprise customers.
The new services, Entra AI and Entra Data, aim to provide users with powerful and flexible tools for artificial intelligence and data management. Both tools come after Microsoft revealed that Azure Active Directory (Azure AD) will be renamed Microsoft Entra ID.

I hope you found this article on “[AZURE] Security Service Edge (SSE) and Microsoft Entra ID” very useful. Please, feel free to leave a comment below.