{"id":31079736,"url":"https://github.com/compcode1/deploy-global-secure-access-client","last_synced_at":"2025-09-16T10:59:19.630Z","repository":{"id":311185111,"uuid":"1042788962","full_name":"Compcode1/deploy-global-secure-access-client","owner":"Compcode1","description":"This project demonstrates the deployment process for the Microsoft Global Secure Access (GSA) Client, a core component of Microsoft's Secure Service Edge (SSE) architecture.","archived":false,"fork":false,"pushed_at":"2025-08-22T15:51:35.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-22T17:56:46.512Z","etag":null,"topics":["conditional-access-deployment","device-trust-integration","global-secure-access","policy-based-access-control","ztna"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Compcode1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-22T15:20:25.000Z","updated_at":"2025-08-22T15:51:38.000Z","dependencies_parsed_at":"2025-08-22T17:56:48.244Z","dependency_job_id":"0f884be0-74c2-4916-86c8-bc2635620443","html_url":"https://github.com/Compcode1/deploy-global-secure-access-client","commit_stats":null,"previous_names":["compcode1/deploy-global-secure-access-client"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Compcode1/deploy-global-secure-access-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fdeploy-global-secure-access-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fdeploy-global-secure-access-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fdeploy-global-secure-access-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fdeploy-global-secure-access-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Compcode1","download_url":"https://codeload.github.com/Compcode1/deploy-global-secure-access-client/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fdeploy-global-secure-access-client/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275407720,"owners_count":25459379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-16T02:00:10.229Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["conditional-access-deployment","device-trust-integration","global-secure-access","policy-based-access-control","ztna"],"created_at":"2025-09-16T10:59:17.843Z","updated_at":"2025-09-16T10:59:19.618Z","avatar_url":"https://github.com/Compcode1.png","language":"Jupyter Notebook","readme":"**Deploy Global Secure Access Client**\n\nThis project demonstrates the deployment process for the Microsoft Global Secure Access (GSA) Client, a core component of Microsoft's Secure Service Edge (SSE) architecture. The client enables identity-aware access to internal (Private Access) and internet-based (Internet Access) resources, enforcing Conditional Access policies and network micro-segmentation.\n\n**Scenario**\nA hybrid workforce requires secure access to internal line-of-business (LOB) apps and SaaS services without relying on traditional VPN infrastructure. This project simulates the configuration and deployment of the GSA Client to enable seamless and policy-governed access.\n\n**Key Actions**\n• Review GSA client use cases and endpoint requirements\n• Simulate client installation and posture validation\n• Align deployment with Microsoft Entra Conditional Access architecture\n• Reinforce terminology such as Private Access, Traffic Forwarding Profiles, and Connectivity Points\n\n**Learning Objectives**\n• Understand the role of the GSA Client in Microsoft's modern perimeter strategy\n• Clarify semantic distinctions between GSA, Private Access, and Internet Access\n• Map deployment actions to the Entra Control Stack for identity governance alignment\n\n**Entra Control Stack Layers Touched**\n\n• Layer 1 – Authority Definition\n✅ Touched: Deployment required directory-level privileges to enable Global Secure Access (preview) and download the client. Actions were conducted with elevated permissions and are audit-eligible.\n\n• Layer 2 – Scope Boundaries\n⚠️ Initiated: While Traffic Forwarding Profiles were created, true scoping via identity-based rules or conditional access was not implemented in this project.\n\n• Layer 3 – Test Identity Validation\n✅ Partially Confirmed: The GSA client was installed and authenticated as a test user. Full enforcement logic (e.g., denial under misalignment) was not tested but is architecturally supported.\n\n• Layer 4 – External Entry Controls\n❌ Not Applied: No B2B, guest, or partner access scenarios were configured or evaluated.\n\n• Layer 5 – Privilege Channels\n⚠️ Referenced but Not Formalized: While deployment leveraged privileged access, no structured role delegation or scoped administration was designed or tested.\n\n• Layer 6 – Device Trust Enforcement\n❌ Not Activated: No Conditional Access policies tied to device posture, compliance, or trust were implemented.\n\n• Layer 7 – Continuous Verification\n❌ Not Integrated: Defender integration, traffic analytics, and risk-informed policies were not tested or reviewed.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fdeploy-global-secure-access-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcompcode1%2Fdeploy-global-secure-access-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fdeploy-global-secure-access-client/lists"}