This article is part of a series: Microsoft Global Secure Access – Private Access – Christoffer Klarskov Jakobsen – Microsoft Architect
Intro
Global Secure Access protects applications much more effectively and securely than traditional VPN solutions. When Conditional Access is used together with Global Secure Access, Zero Trust principles are maintained.
If you have servers on-premises and clients in the same location, you typically wouldn’t want the clients to connect via a traditional VPN connection, because there is a direct connection via the network.
So why not just do the same with Global Secure Access?
Considerations on why NOT to bypass the GSA client
Can we say with certainty that our internal company network is as securely set up as Global Secure Access? My guess is that most companies trust far too much that their perimeter firewall keeps everything out and that nothing malicious is found on the internal network.
At the same time, few enforce the same user-to-application partitioning once a client device is on the internal network.
These elements are built into Global Secure Access by design.
This is one of the primary reasons why I do not recommend bypassing Global Secure Access even if the client is on the same network location as the target application.
Some will use Global Secure Access to protect latency-sensitive applications that will often be faster via a traditional VPN solution, or that at least run optimally on the internal company network because clients and servers are on the same network. In rare cases, one is forced to bypass Global Secure Access for such applications.
How to bypass GSA on the corporate network
The great Microsoft MVP Morten Knudsen has written a whole blog post about this topic, including a remediation script to use with Intune (remediation scripts require Windows 10/11 Enterprise or Windows 10/11 Virtual Desktop Access).
The article can be found using this link: Entra Private Access/GSA – Automatic Network Detection – Blog by Morten Knudsen about Microsoft Security, Azure, M365 & Automation