Knowledge base

January 04, 2024

Installation of Microsoft’s Global Secure Access for Android

In the ever-evolving world of enterprise technology, Microsoft is introducing a major innovation: the Global Secure Access Client for Android, available from Dec. 19, 2023. This solution, integrated into the Microsoft Defender for Endpoint Android app, makes it easier for end users to connect to needed resources without manual VPN configurations.

Requirements for Implementation

Before one begins, there are some requirements:

  • A Microsoft Entra ID P1 license.
  • At least one Global Secure Access traffic forwarding profile must be activated.
  • Installation privileges on the device.
  • Android devices must run Android 10.0 or newer and be registered with Microsoft Entra.

Known Limitations

There are some limitations to consider:

  • Android (Go edition) devices are currently not supported.
  • Microsoft Defender for Endpoint on shared Android devices is also unsupported.
  • IPv6 traffic tunneling and private DNS must be disabled.

Supported Scenarios.

The Global Secure Access Client supports several scenarios, including:

  • Company-owned, fully managed user devices.
  • Corporate ownership with a work profile.
  • Personal property with a work profile.

Implementation Process

The implementation process involves several steps:

  1. Deploy Defender on Intune-registered Android devices.
  2. Activate at least one traffic forwarding profile.
  3. Confirm that Global Secure Access appears in the Defender app.

User Experience

Once the above conditions are met, the Global Secure Access Client automatically appears in the Defender app, but is disabled by default. Users must enable the client through the app. If the client cannot connect, an option appears to disable the service so users can try again later.


Some common implementation problems are:

  • The Global Secure Access tile does not appear immediately after onboarding. In this case, restart the Defender app.
  • Connection problems when trying to access a Private Access application can usually be resolved by refreshing the application via a Web browser.

This new client thus provides an advanced, streamlined way for organizations to provide their employees with secure and efficient access to essential resources, demonstrating once again Microsoft’s leadership in enterprise technology innovations.

Want to know more?

Get in touch
Microsoft's Global Secure Access Client for Android