Q&A
Why It's Time to Move Beyond VPNs
Microsoft security expert Richard Hicks explains why now is the time for enterprises to replace legacy VPNs with Entra Private Access and adopt a Zero Trust network access model.
As enterprise security strategies evolve, the traditional VPN is quickly showing its age. Microsoft's Entra Private Access, a key component of the Entra Global Secure Access suite, is emerging as a modern, cloud-first alternative. At this summer's TechMentor conference in Redmond (Aug. 11-15), security expert Richard Hicks will lead a session detailing how organizations can shift from VPNs to a Zero Trust model with Entra.
Ahead of his TechMentor session, Hicks -- a consultant with over 25 years of experience in secure remote access and PKI -- spoke with Redmondmag about the risks of legacy VPNs, how Entra Private Access works, and the practical steps to implement it in enterprise environments.
Redmondmag: Many organizations still rely on legacy VPNs. What are some of the biggest security risks associated with traditional VPN solutions?
Hicks: Legacy VPN continues to serve the enterprise well, especially for those organizations heavily invested in classic Active Directory and domain-joined endpoints. However, there are certainly risks involved. The most significant security risk with enterprise VPN is the lack of strong authentication for VPN access. Far too many organizations rely on usernames and passwords alone, which is incredibly risky. Phishing-resistant credentials such as hardware-backed digital certificates are recommended. Additionally, integration with Entra Conditional Access will further improve security posture and reduce the attack surface.
Entra Private Access is positioned as a VPN replacement. What are the key advantages it offers over traditional VPN solutions?
Entra Private Access is an identity-centric zero-trust network access (ZTNA) solution that replaces traditional VPN solutions. It offers many significant advantages over VPN. Entra Private Access provides limited access to network resources defined granularly and explicitly by administrators. Also, Entra Private Access integrates tightly with Entra Conditional Access, allowing administrators to create adaptive access policies that enforce credential strength and multifactor authentication (MFA) when necessary.
What are some best practices for organizations implementing Entra Private Access for the first time?
Switching from a full, open-access VPN to a complete zero-trust solution in one step isn't easy. When implementing Entra Private Access for the first time, administrators should enable Quick Access. Quick Access mimics a traditional VPN by granting access to all internal resources on all protocols and ports. Once deployed, administrators can leverage Application Discovery to identify application traffic and migrate it to per-app Enterprise applications. This enables graceful migration from full-access VPN to zero trust network access.
What role does Entra Private Access play in a broader Zero Trust security strategy, and how does it complement other Entra security solutions?
Entra Private Access is crucial to an organization's overall Zero Trust security strategy. The Global Secure Access (GSA) client used by Entra Private Access extends the functionality of Entra Conditional Access by providing network location signals for which policy can be applied. For example, with GSA, administrators can define trusted and compliant network locations and use GSA signals to enforce conditional access policies based on the network location of the endpoint.
With over 25 years of experience in security infrastructure, what excites you most about the shift toward Zero Trust and solutions like Entra Private Access?
The shift toward zero-trust network access solutions like Entra Private Access is exciting because it represents a paradigm shift in thinking about secure remote access. Traditionally, the endpoint was considered "trusted" and given broad access to the internal network. With zero trust, we're now moving toward an explicit trust model where no user or device is implicitly trusted, but instead, access is granted explicitly. In addition, zero-trust solutions like Entra Private Access are entirely cloud-based, freeing administrators from the burden of managing and supporting complex internal infrastructure.
For more insight on how Entra Private Access can improve your enterprise security plan, make your plans to attend Richard Hicks' TechMentor session, "Zero Trust Network Access with Entra Private Access."
Register by June 6 to save $400!