What is the difference between AAD Conditional Access and Zscaler Private Access?

KD 61 Reputation points
2022-06-07T06:51:40.067+00:00

I'm planning to implement a Zero Trust Network Access environment.
I want devices outside the office to be able to access cloud services directly via the internet.

I know I can manage access to cloud services from them not only with AAD Conditional Access but also with other 3rd party products like Zscaler Private Access.
As for accessing on-premise apps in a Zero Trust Network Access environment, I understand that I have to implement AAD Application Proxy. That's one of the differences.
However, as for accessing cloud apps, I'm not sure which one to choose: AAD Conditional Access or other 3rd party products like Zscaler Private Access.

Could anyone tell me what the difference is between AAD Conditional Access and Zscaler Private Access in that situation?

Sorry for my bad English...

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-06-08T00:42:07.777+00:00

    Hi @KD ,

    I understand that you are looking to see how Zscaler Private Access (ZPA) compares to Azure AD Conditional Access.

    Azure AD Conditional Access allows you to create conditions that either grant or deny access to resources for users based on whether these users meet certain criteria. The Conditional Access documentation defines the product this way:

    "Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action."

    So you can grant or deny access to users based on their locations, whether they perform MFA, whether they belong to the right groups, and other criteria. It allows for pretty granular, configurable access policies that rely on contextual factors to determine who can access resources, and it's just one component of Azure AD.

    I'm not particularly familiar with Zscaler Private Access, but from what I understand it appears to be more of a VPN alternative. It's a zero trust cloud-native Security Service Edge (SSE) solution that grants users access to internal applications based on principles of least privilege and isolates traffic between the user's device and the application. It evaluates users based on risk similar to Azure AD's risk-based Conditional Access, but it's an entirely different solution and its main focus isn't related to granting access based on conditions. https://www.zscaler.com/products/zscaler-private-access

    If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

