Products > ZPA for Azure

Remote access to Azure just got
faster, simpler, and more secure.

Introducing Zscaler Private Access for Azure

The challenge of incumbent remote access solutions

Why does remote access to Azure still rely on the data center?

When legacy remote access solutions were created, security meant a secure perimeter around the network, and networking relied on the hub and spoke model. This has since changed. Now, over 40% of enterprises run applications in Azure. Apps that once resided in the data center are now being migrated to the Azure cloud. Yet, most remote access is still reliant on routing traffic through a gateway hosted within data center first. Enterprises still rely on the remote access VPN to provide remote access to internal applications running with Azure.

Legacy remote access diminishes value of cloud and mobility
  • Breaks the cloud user experience
  • Increased complexity for admins
  • High costs to purchase and manage appliances
  • Increased risk with users on network
  • Inability to control access to specific apps hosted in Azure
  • Lack of visibility into internal applications running in Azure
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

Zscaler Private Access for Azure

Secure, Direct-to-Cloud Remote Access to apps in Azure

Zscaler Private Access (ZPA) for Azure is a cloud service from Zscaler that provides seamless and secure remote access to internal applications running in Azure. The service delivers a seamless, cloud-like user experience, taking remote employees directly to the app in Azure vs. extending the network to them. Since the service is completely cloud based there are no gateway appliances necessary, which reduces both cost and complexity. Admins have full visibility into the applications running in Azure or their data center, and can control who has access to them. Customizable policies hosted in the global Zscaler cloud give admins the ability to determine which remote users have access to which specific applications.

Read the Solution Brief
Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.
See Our Solution View the Challenge

Zscaler Private Access for Azure benefits

Better remote user experience

Users have fast, direct-to-cloud access without having to login to remote access VPN client each time.

Less complexity for admins

Network admins can segment based on application from within the web UI. No need to segment by network. No IP address segmentation or access control lists required.

Secure remote access, w/o network access

Policy based access, with no access to network. Visibility into apps being accessed by users and ability to discover unsanctioned apps running within Azure.

Traffic remains private via internet network

Service uses dynamic, application specific TLS-based end to end encryption. All data remains private and enterprises can bring their own PKI.

No hardware appliances, lower costs

The cloud service requires no hardware. Enterprises can easily scale across multiple Azure and Zscaler data centers with no need to replicate gateways.

Scale elastically, reduce latency

The service uses the global Azure network to ramp up new users and route them to the app location nearest to them via internet-based networking.

Software-defined Perimeter for Secure Remote Access to Azure

The Zscaler Private Access (ZPA) service provides seamless and secure remote access to internal applications in Azure, and without placing users on the corporate network. The cloud service requires no complex remote access VPN gateway appliances, and uses cloud-hosted policies to authenticate access and route user traffic to the closest application location to them. A true software-defined solution that can work in conjunction with Azure ExpressRoute, which directly connects their data centers to Azure data centers.

1.  Cloud Policy Engine
  • Hosted in cloud
  • Used for authentication
  • Customizable by admins
2.  Z-App 
  • Mobile client installed on devices
  • Requests access to an app
3.  Z-Connector
  • Sits in front of app in Azure
  • Listens for access requests to apps
  • No inbound connections
4.  Z-Broker  
  • Brokers a secure connection between a
    Z-App and a Z-Connector

Zscaler brokers run in Azure

With Zscaler Private Access for Azure, Zscaler Enforcement Nodes (ZENs), which broker access between a remote user and an internal application, run within the Azure cloud. This enables networking admins to leverage the entire Azure network and its many data center locations, accelerating remote access to all apps running in Azure and improving user productivity. Admins simply deploy the lightweight ZEN VM into an Azure instance and manage it within the Azure console.

Control which users access which applications in Azure

Zscaler Private Access provides application segmentation. This allows security admins to set policies for specific user groups and applications, as well as any associated subdomains. Network admins do not have to segment by network.

1.  Create and define policy names
2.  Set different permissions levels for users and user groups
3.  Define the applications each policy is associated with
4.  Easily add new rules and policies for users and applications within the UI

ZPA for Azure one-click integrations

Zscaler and Azure have partnered to make it easier for admins to begin using ZPA for secure remote access to Azure. An example o of this is that we developed integrations for Azure AD. This enables admins to use ZPA to set access policies for user groups based on existing Azure AD configurations. The Z-Connector is also available within the Azure marketplace. The connectors sit in front of apps within Azure, connecting them to the ZENs, which broker access between remote users and apps.

Suggested Resources

Customer Story

See how MAN Diesel & Turbo SE uses ZPA to provide zero-trust access to internal apps, at global scale

Read Case Study 


Watch the ZPA for Azure webinar recording

Watch Webcast 

Case Study

Microsoft and Zscaler partner for success

Read More