Microsoft has expanded the capabilities of its security service edge (SSE) offering with new features designed to enable zero-trust security.
Microsoft first introduced its SSE services under the Entra name in July as an early preview. At the Microsoft Ignite conference this week, the SSE platform was significantly expanded, with broader availability and more capabilities than the July preview offered. The Entra name is Microsoft's new brand for its identity and access control technologies, including the technology formerly known as Active Directory and now known as Entra ID.
During a product update session at Ignite, Microsoft executives provided demonstrations of the updates and discussed how SSE delivers zero-trust network access across identities, devices and networks.
Alex Simons, Microsoft corporate VP, onstage at Ignite detailing the zero-trust approach.
“Up until now we've had identities and endpoints,” Alex Simons, corporate VP of Microsoft identity and network access, said during the session. “I'm just really excited that with the addition of Entra private access and Internet access, now we can bring the network into that as well. So not only are we able to give you signals about ‘hey, is this the right person on the right device?’ but now we can tell you ‘hey, are they coming over secure network and where are they coming from?’”
How networking visibility boosts zero trust for Microsoft's SSE strategy
Simons said that the integration of networking visibility provides a lot more zero-trust control capabilities to the platform.
He noted that by adding in a compliant network, Microsoft picks up the capability to do continued access evaluation, even for legacy applications. The network can now also be used to terminate a user session if something goes wrong, if a device becomes infected, or if the user goes to a location in the network where they're not supposed to be.
“With the combination of network and identity we can do these amazing real-time mitigations,” Simons said. “The user, the device and the network are now all integrated into the zero-trust engine.”
Microsoft pushing SSE forward
Sinead O'Donovan, VP of product management, identity and network access at Microsoft, said that the initial preview in July was for Entra Internet Access and Entra Private Access. Those two products — in combination with Microsoft Defender for Cloud, which is a Cloud Access Security Broker technology — are what comprised the initial Microsoft SSE solution.
O'Donovan said that the Entra Internet Access service enables organizations to protect the user's device as they interact with the Internet. Entra Private Access enables the connectivity model to reach resources without having to join the corporate network. With the initial preview, Microsoft only included a secure web gateway to connect with Microsoft 365. At Ignite, the secure web gateway was shown as expanded to enable access to all applications.
On the private access side, new features include private Domain Name System as well as User Datagram Protocol support; previously the solution only supported Transmission Control Protocol connections.
Support has also been expanded beyond just Windows, with cross-operating system support for Apple macOS, iOS and Android. Remote network access has also been expanded, enabling organizations to connect branch networks as well as virtual private cloud (VPC) networks.
Availability of the preview has also been expanded. In July, the preview was available in North America and Europe, but now it's available everywhere in the world except for China and Russia. It’s not yet entirely clear when the Microsoft SSE platform will be generally available, though O'Donovan indicated that it is planned for the first half of 2024.