The Collective

Inside Microsoft Global Secure Access: Architecture, Profiles, and Real-World Use Cases

by | Sep 18, 2025 | Blog

Inside Microsoft Global Secure Access Architecture, Profiles, and Real-World Use Cases

Microsoft’s Global Secure Access (GSA) is more than just a new acronym in the Secure Service Edge market. It represents a shift in how network security is delivered by moving from a network-first to an identity-first approach.

How It Works

At its core, GSA combines:

    1. Cloud-based enforcement – no physical appliances to manage.
    2. A lightweight endpoint agent – built on mTLS and a filter-driver model rather than heavy IPsec tunnels.
    3. Deep Microsoft integration – with Conditional Access, device compliance, and Entra ID governance.

“If you are already running in the Microsoft stack, GSA only has more benefits to adopt it,” notes Thor Nicolaï. “It ensures zero trust and a unified platform for protecting users wherever they are.”

Breaking Down the Three Profiles

    • Private Access: Securely connects users to private applications, whether on-premises or in the cloud. Micro-segmentation reduces the attack surface, and Quick Access mode allows a fast lift-and-shift from legacy VPNs.
    • Internet Access: Delivers web category filtering, TLS inspection, and identity-based policy enforcement for safer browsing and SaaS use.
    • Microsoft 365 Access: Routes M365 traffic directly to Microsoft’s backend, enriching logs and restoring source IP visibility.

“One of the big advantages of the M365 profile is source IP restoration,” explains Thor Nicolaï. “It gives SOC analysts the real IP address of the user, which many SSE tools can’t, and it makes Entra ID Protection much more accurate.”

For the SOC and Beyond

GSA’s logging capabilities go beyond the basics. Enriched M365 logs include latency data and token details, while TLS inspection enables visibility into encrypted traffic. Conditional Access can even check for a “compliant network” before allowing sensitive access.

Start with use case identification, set up connectors, build policies, deploy the agent, and integrate with identity tools.

The Collective has deep technical expertise in GSA architecture, deployment, and SOC integration. We can guide you through every step of implementing GSA to strengthen both network and identity security.

Hear more on our GSA-focused podcast  at Insights – Podcast – The Collective Consulting. and contact us to learn how we can help you get the most out of your investment.

Join us for a webinar on October 6 where we will discuss the ins and out of Microsoft GSA. Sign up here: Microsoft GSA Webinar.