Edit

Share via

Assign a remote network to a traffic forwarding profile for Global Secure Access (preview)

  • Article

If you're tunneling your Microsoft 365 traffic through the Microsoft Entra Internet Access service, you can assign remote networks to the traffic forwarding profile. Your end users can access Microsoft 365 resources by connecting to the service from a remote network, such as a branch office location.

There are multiple ways to assign a remote network to the traffic forwarding profile:

  • When you create or manage a remote network in the Microsoft Entra admin center
  • When you enable or manage the traffic forwarding profile in the Microsoft Entra admin center
  • Using the Microsoft Graph API

Prerequisites

To assign a remote network to a traffic forwarding profile to, you must have:

  • A Global Secure Access Administrator role in Microsoft Entra ID.
  • The preview requires a Microsoft Entra ID P1 license. If needed, you can purchase licenses or get trial licenses.
  • To use the Microsoft 365 traffic forwarding profile, a Microsoft 365 E3 license is recommended.

Known limitations

  • At this time, remote networks can only be assigned to the Microsoft 365 traffic forwarding profile.

Assign the Microsoft 365 traffic profile to a remote network

  1. Sign in to the Microsoft Entra admin center as a Global Secure Access Administrator.
  2. Browse to Global Secure Access (preview) > Devices > Remote network.
  3. Select a remote network.
  4. Select Traffic profiles.
  5. Select (or unselect) the checkbox for Microsoft 365 traffic forwarding profile.
  6. Select Save.

Screenshot of the traffic profiles in Remote networks.

Assign a remote network to the Microsoft 365 traffic forwarding profile

  1. Browse to Global Secure Access (preview) > Connect > Traffic forwarding.
  2. Select the Add/edit assignments button for Microsoft 365 traffic profile.

Screenshot of the add/edit assignment button on the Microsoft 365 traffic profile.

Assign a traffic profile to a remote network using the Microsoft Graph API

Associating a traffic profile to your remote network using the Microsoft Graph API is two-step process. First, you need to get the traffic forwarding profile ID. This ID is unique for all tenants. With the traffic forwarding profile ID, you can assign the traffic forwarding profile with your remote network.

A traffic forwarding profile can be assigned using Microsoft Graph on the /beta endpoint.

  1. Open a web browser and navigate to the Graph Explorer at https://aka.ms/ge.
  2. Select GET as the HTTP method from the dropdown.
  3. Select the API version to beta.
  4. Enter the query. 
    GET https://graph.microsoft.com/beta/networkaccess/forwardingprofiles
  5. Select Run query.
  6. Find the ID of the desired traffic forwarding profile.
  7. Select PATCH as the HTTP method from the dropdown.
  8. Enter the query. 
        PATCH https://graph.microsoft.com/beta/networkaccess/branches/d2b05c5-1e2e-4f1d-ba5a-1a678382ef16/forwardingProfiles
    {
        "@odata.context": "#$delta",
        "value":
        [{
            "ID": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
        }]
    }
  9. Select Run query to update the branch.

Terms of Use

Your use of the Microsoft Entra Private Access and Microsoft Entra Internet Access preview experiences and features is governed by the preview online service terms and conditions of the agreement(s) under which you obtained the services. Previews may be subject to reduced or different security, compliance, and privacy commitments, as further explained in the Universal License Terms for Online Services and the Microsoft Products and Services Data Protection Addendum (“DPA”), and any other notices provided with the Preview.

Next steps