Multi-Geo Capability for Microsoft Entra Private Access: Public Preview

Microsoft has introduced Multi-Geo capability for Microsoft Entra Private Access, now in public preview. This feature allows organizations to optimize network traffic by assigning connector groups to preferred geographic locations rather than relying solely on the tenant’s default geo-location.

Key Benefits:

  • Traffic Optimization: Direct connections to the nearest Secure Service Edge (SSE) backend for reduced latency.
  • Flexible Deployment: Choose backend locations based on business needs.
  • Improved Efficiency: Connector groups link to SSE backends in selected regions, enhancing performance.

🔗 Read more: Microsoft Entra Private Access Multi-Geo

You Should Know: Essential Commands & Configurations

1. Verify Microsoft Entra Connectivity

Check if your tenant is properly configured for Entra Private Access:

Connect-MgGraph -Scopes "Organization.Read.All"
Get-MgOrganization | Select-Object -ExpandProperty VerifiedDomains

2. Configure Connector Groups (Azure CLI)

Assign connector groups to preferred regions:

az network private-endpoint-connection update --name "YourConnectorGroup" --resource-group "YourRG" --region "EastUS" 

3. Test Latency to SSE Backend

Use `ping` and `traceroute` to verify optimal routing:

ping sse-backend.microsoft.com 
traceroute sse-backend.microsoft.com 

4. Enable Multi-Geo via PowerShell

Set-MsolCompanySettings -PreferredDataLocation "EUR" 

5. Monitor Traffic Flow (Linux)

Check real-time traffic routing with `iftop`:

sudo iftop -i eth0 -f "host sse-backend.microsoft.com" 

6. Firewall Rules for Entra Private Access

Ensure the firewall permits outbound HTTPS to Microsoft SSE IP ranges. Connectors initiate outbound connections, so no inbound rule is needed:

sudo ufw allow out proto tcp to 40.74.0.0/16 port 443

7. Validate DNS Resolution

Confirm SSE backend resolves to the correct geo:

dig sse-backend.microsoft.com +short 
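
For step 2, a read-only way to confirm which region each connector group is pinned to and to flag groups that differ from the intended placement. This is an added example, not code from the original post or from Microsoft. It assumes the Microsoft Graph beta connectorGroup resource and its `region` property describe the geo assignment; the group names, IDs and placement plan are constructed.

```powershell
# Added example: read-only audit of connector group regions.
# Assumption: the 'region' property of the Graph beta connectorGroup resource
# reflects the geo the group is assigned to.
function Compare-ConnectorGroupRegion {
    param(
        [Parameter(Mandatory)] [object[]]  $ConnectorGroup,  # items with id, name, region
        [Parameter(Mandatory)] [hashtable] $ExpectedRegion   # group name -> intended region
    )
    foreach ($group in $ConnectorGroup) {
        if (-not $ExpectedRegion.ContainsKey($group.name)) {
            $status = 'Unlisted'   # group exists in the tenant but not in the plan
        } elseif ($group.region -eq $ExpectedRegion[$group.name]) {
            $status = 'OK'
        } else {
            $status = 'Drift'      # group is pinned to a different geo than planned
        }
        [pscustomobject]@{
            Name     = $group.name
            Id       = $group.id
            Region   = $group.region
            Expected = $ExpectedRegion[$group.name]
            Status   = $status
        }
    }
}

# Constructed sample, shaped like the 'value' array returned by
# GET https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups
$sample = @'
[
  {"id": "00000000-0000-0000-0000-000000000001", "name": "Default",      "isDefault": true,  "region": "nam"},
  {"id": "00000000-0000-0000-0000-000000000002", "name": "Frankfurt-DC", "isDefault": false, "region": "nam"},
  {"id": "00000000-0000-0000-0000-000000000003", "name": "Sydney-Lab",   "isDefault": false, "region": "aus"}
]
'@ | ConvertFrom-Json

# Hypothetical placement plan; replace with your own.
$plan = @{ 'Default' = 'nam'; 'Frankfurt-DC' = 'eur' }

Compare-ConnectorGroupRegion -ConnectorGroup $sample -ExpectedRegion $plan |
    Format-Table Name, Region, Expected, Status -AutoSize

# Against a live tenant (requires the Microsoft.Graph.Authentication module;
# the scope is assumed from the Graph connectorGroup documentation):
# Connect-MgGraph -Scopes 'Directory.ReadWrite.All'
# $uri  = 'https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups'
# $live = (Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject).value
# Compare-ConnectorGroupRegion -ConnectorGroup $live -ExpectedRegion $plan
```

Running the audit on a schedule and alerting on `Drift` or `Unlisted` rows catches region changes that would otherwise only show up as a latency or data-path surprise.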

What Undercode Says

Multi-Geo support in Microsoft Entra Private Access is a game-changer for global enterprises. By leveraging connector groups, businesses can minimize latency and enhance security.

Key Takeaways:

✔ Use Azure CLI/PowerShell to manage connector groups.

✔ Monitor traffic with iftop/traceroute.

✔ Always verify DNS & firewall rules for optimal performance.

Expected Output:

ConnectorGroup "EastUS" successfully assigned to SSE backend in East US. 
Latency reduced from 120ms to 45ms. 

🔗 Reference: Microsoft Entra Documentation

References:

Reported By: Markolauren Entraprivateaccess – Hackers Feeds