You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall-manager/trusted-security-partners.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,13 +5,13 @@ author: vhorne
5
5
ms.service: azure-firewall-manager
6
6
services: firewall-manager
7
7
ms.topic: concept-article
8
-
ms.date: 08/03/2021
8
+
ms.date: 01/09/2025
9
9
ms.author: victorh
10
10
---
11
11
12
12
# What are security partner providers?
13
13
14
-
*Security partner providers* in Azure Firewall Manager allow you to use your familiar, best-in-breed, third-party security as a service (SECaaS) offerings to protect Internet access for your users.
14
+
*Security partner providers* in Azure Firewall Manager allow you to use your familiar, best-in-breed, partner security as a service (SECaaS) offerings to protect Internet access for your users.
15
15
16
16
With a quick configuration, you can secure a hub with a supported security partner, and route and filter Internet traffic from your Virtual Networks (VNets) or branch locations within a region. You can do this with automated route management, without setting up and managing User Defined Routes (UDRs).
17
17
@@ -35,7 +35,7 @@ You can use the security partners to filter Internet traffic in following scenar
35
35
36
36
- Branch-to-Internet
37
37
38
-
Use your Azure connectivity and global distribution to easily add third-party NSaaS filtering for branch to Internet scenarios. You can build your global transit network and security edge using Azure Virtual WAN.
38
+
Use your Azure connectivity and global distribution to easily add partner NSaaS filtering for branch to Internet scenarios. You can build your global transit network and security edge using Azure Virtual WAN.
39
39
40
40
The following scenarios are supported:
41
41
- Two security providers in the hub
@@ -55,19 +55,19 @@ Internet traffic typically includes web traffic. But it also includes traffic de
55
55
56
56
- Use Azure Firewall for protection if your traffic consists mostly of Azure PaaS, and the resource access for your applications can be filtered using IP addresses, FQDNs, Service tags, or FQDN tags.
57
57
58
-
- Use a third-party partner solution in your hubs if your traffic consists of SaaS application access, or you need user-aware filtering (for example, for your virtual desktop infrastructure (VDI) workloads) or you need advanced Internet filtering capabilities.
58
+
- Use a partner solution in your hubs if your traffic consists of SaaS application access, or you need user-aware filtering (for example, for your virtual desktop infrastructure (VDI) workloads) or you need advanced Internet filtering capabilities.
59
59
60
60
61
61
62
62
## Handling Microsoft 365 traffic
63
63
64
-
In globally distributed branch location scenarios, you should redirect Microsoft 365 traffic directly at the branch before sending the remaining Internet traffic your Azure secured hub.
64
+
In globally distributed branch location scenarios, redirect Microsoft 365 traffic directly at the branch before sending the remaining Internet traffic your Azure secured hub.
65
65
66
66
For Microsoft 365, network latency and performance are critical for successful user experience. To achieve these goals around optimal performance and user experience, customers must implement Microsoft 365 direct and local escape before considering routing the rest of Internet traffic through Azure.
67
67
68
68
[Microsoft 365 network connectivity principles](/microsoft-365/enterprise/microsoft-365-network-connectivity-principles) call for key Microsoft 365 network connections to be routed locally from the user branch or mobile device and directly over the Internet into nearest Microsoft network point of presence.
69
69
70
-
Furthermore, Microsoft 365 connections are encrypted for privacy and use efficient, proprietary protocols for performance reasons. This makes it impractical and impactful to subject those connections to traditional network level security solutions. For these reasons we strongly recommend that customers send Microsoft 365 traffic directly from branches, before sending rest of the traffic through Azure. Microsoft has partnered with several SD-WAN solution providers, who integrate with Azure and Microsoft 365 and make it easy for customers to enable Microsoft 365 direct and local Internet breakout. For details, see [What is Azure Virtual WAN?](../virtual-wan/virtual-wan-about.md)
70
+
Furthermore, Microsoft 365 connections are encrypted for privacy and use efficient, proprietary protocols for performance reasons. This makes it impractical and impactful to subject those connections to traditional network level security solutions. For these reasons we strongly recommend that customers send Microsoft 365 traffic directly from branches, before sending rest of the traffic through Azure. Microsoft is partnered with several SD-WAN solution providers, who integrate with Azure and Microsoft 365 and make it easy for customers to enable Microsoft 365 direct and local Internet breakout. For details, see [What is Azure Virtual WAN?](../virtual-wan/virtual-wan-about.md)
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments