Is your data safe? With all the cyberattacks happening these days, it’s a valid question to ask. One solution is to use Zero Trust Network Access (ZTNA). ZTNA creates a secure environment for your data by verifying users and devices before allowing them access. Learn more about how ZTNA can help keep your data safe in this blog post.
How to keep your data safe with Zero Trust Network Access
ZTNA is a newer form of access control that replaces bare passwords with an authentication system: users must first prove they are who they claim to be before they gain access to applications. The flow works as follows. A user enters their credentials, and the Web Application Proxy server validates them.
The Web Application Proxy server then requests an access token from Azure AD. Azure AD validates the request, creates an access token and returns it to the Web Application Proxy server.
The Web Application Proxy server passes the access token to the application, which is configured as a relying party in Azure AD. The application validates the access token and allows or denies the user's request. The following steps are involved in integrating ZTNA:
1. Create an ADFS (Active Directory Federation Services) farm and an ADRDS (Active Directory Rights Management Services) farm.
2. Configure ZTNA and the central policy store (ZTP) in Azure AD.
3. Add a Web Application Proxy to the internal network, and create federation trusts between the Web Application Proxy and the ADFS/ADRDS servers.
4. Add Web Application Proxy servers to the DMZ network as required by your design and security requirements, then add these servers to your Web Application Proxy pool.
5. Configure an application in Azure AD as a relying party trust for ADFS/ADRDS, using the URL of a Web Application Proxy server in the DMZ; that URL serves as the authentication endpoint for the application.
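The last step of the flow described above is the application, as relying party, validating the access token it receives from the Web Application Proxy before it allows or denies the request. The following is an added example, not code from the original post or from Azure AD or Web Application Proxy, of the checks a relying party must perform: signature, pinned algorithm, issuer, audience and expiry. Azure AD issues RSA-signed JSON Web Tokens validated against the tenant's published keys; to run offline, this example assumes a JWT-like token signed with an HMAC-SHA256 shared key, and the issuer, audience and key values are constructed placeholders.

```python
"""Relying-party validation of an access token (added example, constructed values)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values; a real deployment uses the tenant's issuer URL,
# the application's registered identifier and the tenant's signing keys.
ISSUER = "https://sts.example.test/tenant-placeholder/"
AUDIENCE = "api://app-placeholder"
SIGNING_KEY = b"constructed-shared-key-for-example-only"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWT serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_token(subject: str, groups: list, lifetime: int,
                key: bytes = SIGNING_KEY, now=None) -> str:
    """Stand-in for the identity provider: build header.payload.signature."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
               "groups": groups, "iat": now, "exp": now + lifetime}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token: str, key: bytes = SIGNING_KEY, now=None):
    """Relying-party checks: structure, algorithm, signature, issuer, audience, expiry.

    Returns (claims, None) when the token is acceptable, else (None, reason).
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None, "undecodable token"
    # Pin the algorithm: the token must never get to choose "none" or another scheme.
    if header.get("alg") != "HS256":
        return None, "unexpected algorithm"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None, "bad signature"
    if payload.get("iss") != ISSUER:
        return None, "wrong issuer"
    if payload.get("aud") != AUDIENCE:
        return None, "wrong audience"
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return None, "token expired"
    return payload, None


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock so the run is reproducible
    tok = issue_token("alice@example.test", ["sales"], 600, now=t0)
    print(validate_token(tok, now=t0))        # (claims, None)
    print(validate_token(tok, now=t0 + 601))  # (None, 'token expired')
```

The order of checks matters: the signature is verified before any claim is trusted, so a tampered issuer or audience never reaches the claim checks, and the accepted algorithm is fixed by the relying party rather than read from the token.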
Web Application Proxy Servers
Implement the application access policy defined in Azure AD on all Web Application Proxy servers in your deployment (both internal and DMZ). The policy defines which applications can be accessed from which locations in your network, by which users or groups of users, and at what times those applications can or cannot be accessed.
For example, external users might be able to access Salesforce when they are inside your network but not when they are outside it.
While inside your network, they might be able to access Salesforce at any time during business hours, but outside business hours only if they have already logged on to the internal network; and so on.
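The policy just described combines application, user group, network location and time of day into a single allow-or-deny decision. The following is an added example, not the original post's content and not Azure AD's or Web Application Proxy's policy engine, of such a default-deny evaluator; the rule and request formats, the group names and the business-hours window are assumptions constructed to mirror the Salesforce example in the text.

```python
"""Evaluating a ZTNA-style application access policy (added example, constructed rules)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Rule:
    app: str
    groups: FrozenSet[str]               # requester must belong to at least one
    locations: FrozenSet[str]            # "internal" and/or "external"
    business_hours: Tuple[int, int] = (9, 17)   # [start, end) in 24h local time
    allow_outside_hours_with_internal_session: bool = False


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    app: str
    location: str                        # "internal" or "external"
    hour: int                            # hour of day, 0-23
    has_internal_session: bool = False   # already logged on to the internal network


# Constructed policy mirroring the text's example: external users reach Salesforce
# only from inside the network, during business hours, or outside business hours
# only with an existing internal logon; the sales group may use it from anywhere.
POLICY: List[Rule] = [
    Rule("Salesforce", frozenset({"external-users"}), frozenset({"internal"}),
         business_hours=(9, 17), allow_outside_hours_with_internal_session=True),
    Rule("Salesforce", frozenset({"sales"}), frozenset({"internal", "external"})),
]


def evaluate(req: Request, policy: List[Rule]) -> Tuple[bool, str]:
    """Default deny: allow only if some rule matches app, group, location and time."""
    reasons = []
    for rule in policy:
        if rule.app != req.app:
            continue
        if not (req.groups & rule.groups):
            reasons.append("group not permitted")
            continue
        if req.location not in rule.locations:
            reasons.append(f"location {req.location} not permitted")
            continue
        start, end = rule.business_hours
        if start <= req.hour < end:
            return True, "allowed within business hours"
        if rule.allow_outside_hours_with_internal_session and req.has_internal_session:
            return True, "allowed outside business hours via existing internal session"
        reasons.append("outside business hours")
    return False, "; ".join(reasons) or "no rule for application"


def audit(requests: List[Request], policy: List[Rule]) -> List[Tuple[str, str, bool, str]]:
    """Run a batch of access requests through the policy, e.g. when testing a rollout."""
    return [(r.user, r.app, *evaluate(r, policy)) for r in requests]


if __name__ == "__main__":
    ext = frozenset({"external-users"})
    sample = [  # constructed requests
        Request("bob@partner.test", ext, "Salesforce", "external", 10),
        Request("bob@partner.test", ext, "Salesforce", "internal", 10),
        Request("bob@partner.test", ext, "Salesforce", "internal", 20),
        Request("bob@partner.test", ext, "Salesforce", "internal", 20, has_internal_session=True),
        Request("carol@example.test", frozenset({"sales"}), "Salesforce", "external", 3),
    ]
    for row in audit(sample, policy=POLICY):
        print(row)
```

Every deny carries the reasons each candidate rule failed, which is what you want in the event log when reviewing why a user was refused; an allow names the rule condition that granted it.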
ZTNA Deployment
Add the Web Application Proxy-enabled applications to the Web Application Proxy server and publish them. Next, configure your Web Application Proxy server to support the Zero Trust Network Access (ZTNA) authentication protocol.
Then configure the server to act as the authentication endpoint for the applications that are configured as relying parties in Azure AD. Test application access to verify that the applications function correctly once the ZTNA policy is in place. Next, monitor the performance of your ZTNA deployment.
Do this with Log Analytics, making adjustments as necessary to optimize performance. Also maintain your ZTNA deployment by reviewing event logs, adding new applications, and updating your ZTNA policy.