I am evaluating Entra Private Access and all generally works as advertised, but it will not work over the built-in mobile broadband (LTE) connection of my laptop. Does anybody have similar experience and solutions? Using client 1.7.376.1214.
- Works well over various Wi-Fi networks of different ISPs, including tethering through my iPhone
- Over the mobile broadband connection, the status changes to "Disconnected"
Going to the Health Check of the Advanced diagnostics (formerly "Client Checker" before the client update to 1.7.376.1214), it will show "Magic IP received: No".
Digging into Wireshark and Procmon, both cases are resolving the [tenant ID].private.client.globalsecureaccess.microsoft.com DNS record successfully, and both successfully make a PowerShell "Test-NetConnection -InformationLevel Quiet -ComputerName [tenant ID].private.client.globalsecureaccess.microsoft.com -Port 443" (to the same host on the same MS network over both connections). This also gives True when run manually.
These correspond to the debug steps given in https://learn.microsoft.com/en-us/troubleshoot/azure/microsoft-entra/troubleshoot-global-secure-access-client-windows-issues .
AFAIK there is no particular firewall rule blocking anything over broadband compared to Wi-Fi.
The event log gives just a "Global Secure Access client is disconnected from all channels" (Event 631) when switching off the Wi-Fi to be only connected via the LTE connection. No error preceding it. Just the every-minute update of the forwarding profile that goes on all the time and keeps succeeding even on the LTE.
Anybody got any additional hints?