Microsoft Entra Global Secure Access operations guide

This operations guide suite provides prescriptive, post-deployment procedures for running Microsoft Entra Global Secure Access in an enterprise environment. The guides cover day-to-day alerting, health checks, integration, automation, and metrics—focusing on operational tasks that keep the service reliable, secure, and performant.

Who this guide is for

  • IT administrators and network security engineers responsible for Global Secure Access configuration and maintenance
  • Platform operations and monitoring engineers who manage health checks, automation, and dashboards
  • Security leadership reviewing operational metrics and service value

This guide assumes Global Secure Access is already deployed and configured. For deployment and initial setup, see the Global Secure Access deployment guide. For broader identity-layer security investigations and incident response, see the Microsoft Entra Security Operations Guide.

Overview

The operational practices in these guides align with the Information Technology Infrastructure Library (ITIL) service management processes and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Rather than teaching these frameworks, the guides apply their principles directly: alert-first monitoring (NIST Detect), structured change management (ITIL), configuration backup and failover testing (NIST Recover), and continuous improvement through metrics-driven reviews.

The guide suite groups content by Global Secure Access capability, plus a shared common guide for cross-cutting topics.

Shared operations

| Guide | What it covers |
| --- | --- |
| Common operations | RACI matrix (responsible, accountable, consulted, informed) for roles and responsibilities, change management process, metrics and reporting framework, continuous improvement |

Capability-specific operations

Each capability guide follows a consistent structure: Alerting and monitoring, Maintenance and health checks, Integration and automation, Operational metrics, and Troubleshooting quick reference.

| Guide | What it covers |
| --- | --- |
| Private Access operations | Connector health, application segment management, ZTNA-specific alerting, Graph API automation for connector and app management |
| Internet Access operations | Web filtering policy management, Transport Layer Security (TLS) inspection, URL categorization, threat blocking metrics |
| Remote Networks operations | GRE/IPsec tunnel monitoring, branch site capacity management, customer-premises equipment (CPE) device health, tunnel failover testing |
| Microsoft Traffic operations | Microsoft 365 traffic profile management, compliant network enforcement, Microsoft 365 endpoint coverage, service performance monitoring |

Templates and checklists

| Template | Purpose |
| --- | --- |
| Daily health check | Consolidated daily checklist covering all Global Secure Access capabilities |
| Private Access health check | Capability-specific checklist for Private Access connectors and application segments |
| Change request template | Structured template for Global Secure Access configuration change requests |
| Communication plan template | Template for communicating planned changes to stakeholders |

Getting started with operations

If you completed deployment, follow this sequence:

  1. Establish your team—Assign roles using the RACI matrix. Ensure at least two people cover each role.
  2. Configure alerting—Set up the critical alerts listed in each capability guide: Private Access, Internet Access, Remote Networks, and Microsoft Traffic. Don't rely on dashboards for issue detection.
  3. Establish baselines—Collect a 30-day performance baseline for traffic volume, latency, and usage. Calibrate alert thresholds against this baseline. Each capability guide includes Kusto Query Language (KQL) queries for baseline establishment.
  4. Set up automation—Start with configuration backups and alert notifications. Expand to the full automation playbook list over time.
  5. Schedule recurring checks—Implement the daily, weekly, and monthly checklists from each capability guide.
  6. Begin reporting—Start with weekly operational team reports. Add monthly management reports after the first month.