You have multiple on-premises devices that run either Windows or Linux.
You have a Microsoft 365 E5 subscription.
You configure Microsoft Entra Internet Access.
You need to ensure that all the on-premises devices route internet traffic through Global Secure Access for security policy evaluation.
What should you do in the Microsoft Entra admin center?
Correct Answer: A
Comprehensive and Detailed In-Depth Explanation:
Let's break this down step by step based on Microsoft Entra Internet Access, Global Secure Access, and the requirements for routing internet traffic from on-premises devices, as outlined in Microsoft Identity and Access Administrator documentation.
Understanding the Scenario and Requirements:
On-premises devices running Windows or Linux:The devices are located in an on-premises environment (e.g., a corporate office or branch) and run either Windows or Linux operating systems.
Microsoft 365 E5 subscription:This subscription includes Microsoft Entra ID P2 and Microsoft Entra Internet Access, which are part of the Global Secure Access suite. This provides the necessary licensing for the solution.
Microsoft Entra Internet Access:This is a Secure Web Gateway (SWG) solution that securesinternet and SaaS app access by routing traffic through Microsoft's Security Service Edge (SSE) for policy evaluation (e.g., web content filtering, Conditional Access).
Requirement:All on-premises devices must route their internet traffic through Global Secure Access for security policy evaluation. Global Secure Access is the unified framework for Microsoft Entra Internet Access and Microsoft Entra Private Access, providing a centralized way to manage network traffic security.
How Global Secure Access Routes Internet Traffic:
Global Secure Access can route internet traffic in two primary ways:
Global Secure Access Client:This client is installed on individual devices (e.g., Windows, macOS, Android, iOS) and routes traffic from the device to Microsoft's SSE for policy evaluation. The client is user-aware and integrates with Microsoft Entra ID for identity-based policies.
Remote Network:This method creates an IPsec tunnel between an on-premises network (e.g., a branch office) and Microsoft's SSE. All internet-bound traffic from devices in the network is routed through the tunnel for security policy evaluation, without requiring a client on each device.
The question involvesmultiple on-premises devicesrunning Windows or Linux, which suggests a network- level solution may be more practical than installing a client on each device, especially since Linux support for the Global Secure Access client is limited.