Is it possible to have Global Secure Access client to run automatically when system is not connected to Microsoft VPN?

Question

We are currently testing the GSA from Entra, and trying to setup a plan to have the GSA client to connect automatically if in the event Microsoft VPN is not connected, and once connected to Microsoft VPN, have GSA client disabled.

Answer 1

Hello @Marcos Correa,

Thank you for posting your query on Microsoft Q&A.

Based on your description, it seems you are looking for a setting where the Global Secure Access (GSA) client connects automatically when Microsoft VPN is not in use, and disconnects as soon as Microsoft VPN is connected.

To address this, I performed a test in my tenant. When a user logs into their device, the GSA client automatically connects and seamlessly signs them in using their Microsoft Entra credentials via SSO, as the device has a valid Azure AD Primary Refresh Token (PRT).

However, when the user connects to the Microsoft VPN, the GSA client does not automatically disconnect. Instead, it continues to route traffic that requires securing through the Global Secure Access cloud service. The traffic routing is governed by the Forwarding Profiles configured in the portal, which determine which traffic is handled by the GSA client.

Unfortunately, the feature you’re looking for—automatic disconnection of GSA when Microsoft VPN is connected—is not available at this time. Users will need to manually disconnect the GSA client if they prefer to use only the Microsoft VPN.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,
Raja Pothuraju.