TLS Inspection in Microsoft Entra Internet Access Deep Dive
In this article, John Savill’s Technical Training delves into the new TLS inspection feature of Entra Internet Access. The author provides a comprehensive walkthrough, covering the underlying challenges with TLS, how to configure TLS inspection, managing trusted certificates, and monitoring client experiences. This overview is intended for cloud and security professionals interested in leveraging Microsoft Entra’s advanced network security capabilities.
Overview
John Savill offers a detailed walkthrough of the recently introduced TLS inspection feature within Entra Internet Access, a cloud security solution from Microsoft. TLS (Transport Layer Security) inspection enables organizations to examine encrypted network traffic in order to detect threats and ensure policy compliance without compromising data integrity.
Problems with TLS
The article begins by outlining the challenges posed by traditional TLS encryption, which, while effective at securing data in transit, can hinder visibility into malicious or unwanted content. This leaves a gap in security monitoring and creates potential risk for organizations that rely on encryption alone.
TLS Inspection Explained
Next, Savill explains how TLS inspection helps bridge this gap by decrypting traffic so that its contents can be examined. He details the process of configuring Entra Internet Access to enable this capability, including how to provide Entra with a trusted root certificate authority (CA) for signing certificates on the fly.
Configuration and Setup
Step-by-step, the walkthrough covers:
- Provisioning a trusted certificate for Entra
- Implementing TLS inspection rules
- Ensuring seamless client integration and user experience
Savill also demonstrates the client experience and discusses possible troubleshooting steps.
Monitoring and Summary
Finally, he highlights the monitoring capabilities within Entra Internet Access to keep track of inspected traffic and review security outcomes. The article wraps up with takeaways and tips for getting the most out of this security feature.
This resource is valuable for Azure and Microsoft cloud users seeking to enhance their network security through advanced inspection and traffic management.