What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Connectivity to SaaS, Cloud & Datacenters
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Identify High Risk Students and Web Activity
    Helps detect at-risk and high-risk students sooner to avoid tragedies
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- IDC Research Study on iboss
  IDC research study shows organizations report they have significantly reduced risk related to security breaches, non-compliance, and revenue-impacting security events with iboss cloud even as they establish a more cost-effective security environment by minimizing hardware and bandwidth requirements.
  View IDC Report
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SSE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Blog

Securing Microsoft Azure with iboss SaaS Network Security

June 23, 2020

iboss and Microsoft Azure Working Together to Enable Secured Virtual Hubs

Overview

The iboss cloud secures Internet access on any device, from any location, in the cloud. iboss SaaS Network Security in Azure provides in-the-cloud security for Internet-bound traffic from Azure with gateways optimally located in Azure. Traffic receives best-of-breed internet protection, including compliance, web filtering, SSL inspection, file, and stream-based security, malware defense, and data loss prevention. The Azure traffic is secured in Azure, with centralized security policies and instant scaling as bandwidth grows.

Azure SaaS Network Security Prerequisites

An active iboss cloud account
Communicate to iboss operations the expected Azure regions where hubs will be connected to iboss and the number of iboss gateways expected in each region.
Verify or set the cluster settings to not sync ‘Tunnels’ and ‘Networks’ on the iboss platform.
An Azure Virtual WAN subscription
An Azure virtual hub with iboss selected as the Security Partner Provider
A VPN site configured for the virtual hub

For more information, see the Microsoft Azure Virtual WAN documentation here.

Configuring Microsoft Azure SaaS Network Security

Iboss/Azure API configuration

To integrate the Microsoft Azure account and settings with iboss, a valid Subscription ID, Client ID, Key, and Tenant ID are required.

From the iboss cloud admin console, click Integrations > Microsoft.

Enable Azure, as shown below:

To obtain the Subscription ID:

Log in to https://portal.azure.com/.
Obtain the Subscription ID by clicking All services > General > Subscriptions.

Copy the Subscription ID of the Azure role that you will register to the iboss application.

Paste this in the Subscription ID field on the iboss cloud Azure integration page.

To obtain the Application (Client) ID:

From the left navigation pane, click Azure Active Directory.
Then click App registrations in the pane that appears to the right.
Click + New registration and register a new application by providing a name and clicking Register.
Copy the Application (Client) ID for the newly created application.

Paste this in the Client ID field on the iboss cloud Azure integration page.

Note: You must add a role assignment to the application.

To add a role assignment:

From the left navigation pane, click Subscriptions.
Click the subscription name.
Click Access control (IAM) from the navigation pane.
Click + Add, then Add role assignment.
Select a role and apply it to the newly created application.
Save the role assignment.

Once added, ensure to copy the Key immediately as it will not be accessible after leaving the page.
Paste this in the Key field on the iboss cloud Azure integration page.

To obtain the Tenant ID:

From the left navigation pane, click Azure Active Directory.
Found in the Overview, copy the Tenant ID.

Paste this in the Tenant ID field on the iboss cloud Azure integration page.

From the iboss cloud Azure integration page, click Test Azure Settings, then Save.

Iboss/Azure networking configuration

To complete the tunnel connection from Azure to an iboss gateway, you need to associate specific Azure hubs to the iboss cloud gateways.

In the iboss cloud, GUI select Locations & Geomapping.

Click on a geographic region; in this example, Canada, to define a new zone.
Set the Enable Azure Virtual WAN toggle to YES to get a list of Azure Virtual Hubs (you may need to Sync Virtual Hub if the pull-down is blank.)
Select the virtual hub name deployed in Azure.
Then select Add New PAC Zone.

Tunnels will now be provisioned from the new VM to connect to the selected virtual hub. This process can take up to an hour.

Once the process is complete, new nodes will be visible from the Node Collection Management page on the iboss cloud. These new nodes will show Microsoft Azure as the deployment type.

In the Azure portal, the new Secured connectivity status can be viewed under Firewall Manager > Secured virtual hubs.

To be able to route traffic appropriately, local subnets need to be added to the gateway of interest for each of the two IPsec tunnels that were generated automatically.

To create a local subnet, click Network, then Local Subnets.

Then click +New Local Subnet/IP Range.

In the pop-up, enter the IPv4 Address, IPv4 Subnet, and Network Tunnel.

The Network Tunnel is one of the two names of the tunnels seen in the IPsec Tunnels page found on the iboss cloud. The IPv4 Address and IPv4 Subnet can be determined from the VM or VNET connected to the hub.

Repeat the same procedure for the second IPsec tunnel. The resulting configuration can be reviewed for both local subnets.