June 5, 2026
In working with customers, I’ve seen the same pattern again and again: deployment gets the attention, but day 2 operations are where teams need the most structure. This guide is meant to make that part easier—with practical guidance teams can use right away.
TL;DR: Your day 2 playbook is here
- What’s new? A prescriptive Microsoft Entra Global Secure Access operations guide on Microsoft Learn
- Why it matters: It brings actionable, alert-first procedures for teams running Global Secure Access after deployment
- What’s inside: A role matrix, automated health checks, capability-specific guides, templates, and automation scripts
- Start here: Microsoft Entra Global Secure Access operations guide
The day 2 gap
Deploying Global Secure Access (GSA) is only the beginning. Day 2 challenges raise questions like:
Who monitors what? When do checks happen? How do we know everything is healthy?
The deployment guide covers rollout, and the product documentation explains configuration. But until now, there was no single resource that explained how to operate Global Secure Access in production. Customers, FastTrack, and partners built their own runbooks—and rebuilt them for each deployment.
That ends today.
Announcing the Operations Guide
The Microsoft Entra Global Secure Access operations guide is now live on Microsoft Learn.
This post-deployment playbook delivers prescriptive guidance for running Global Secure Access in production at scale. It was created by the Global Secure Access customer experience engineering team with input from Thomas Detzner, Janice Ricketts, Jeff Bley, Luis Flores, Marilee Turscak, Peter Lenzke, Mohammad Zmaili, and Ken Withe.
Who this guide empowers
This guide is for the teams that keep Global Secure Access running every day: IT administrators, network engineers, and platform operations teams that need clear answers to questions like “Who owns what?” and “How do we prevent issues before they happen?”
It also equips security leaders with structured reporting so they can demonstrate value and service health to executives. If you’re responsible for Global Secure Access performance, alerting, or automation, this is your new reference playbook. (And if you haven’t deployed yet, start with the deployment guide.)
What you’ll gain from this guide
Shared practices that work across any environment
- Know your roles early: A RACI matrix so responsibilities never overlap
- Manage change with confidence: A GSA-tailored change-control framework for smooth updates
- Prove success with clarity: Reporting templates for operators, managers, and executives
- Adopt continuous improvement: Built-in processes to spot gaps before they become issues
Capability-specific playbooks structured for speed
Every workload (Private Access, Internet Access, Remote Networks, Microsoft Traffic) follows one clear pattern so teams always know what comes next:
✔ Begin with alert-first monitoring steps that catch issues early
✔ Follow daily, weekly, monthly routines for health maintenance
✔ Automate critical workflows with Sentinel, Graph API, and PowerShell scripts
✔ Track and tune KPIs using measured baselines
✔ Diagnose and resolve quickly with symptom-to-fix troubleshooting
Don’t start from zero—use the templates
- Daily health check across all GSA capabilities
- Ready-made change request forms and notification playbooks
- Modular checklists ready for your ITSM process
Why this guide is different
Unlike generic environment monitoring advice, this guide delivers concrete, tested procedures built from field experience. It applies an alert-first approach so teams can act on signals from Microsoft Sentinel and Azure Monitor before dashboards show trouble.
Each alert comes with an action—nothing is left unanswered. Automation is embedded throughout, including role-based access control (RBAC) hygiene checks and failover tests. Because operations demand clarity, the guide also provides measurable thresholds, baseline methods, and recovery steps that reduce noise and reinforce uptime.
Six moves to launch operational maturity
- Assign roles using the RACI matrix for full coverage
- Configure critical alerts before adding custom workflows
- Collect 30 days of baseline data before adjusting thresholds
- Automate backups and priority alert notifications early
- Schedule routine checks using provided templates
- Begin structured reporting starting with weekly operations and monthly management reviews
Why it matters for customers and partners
This framework reduces time to readiness after deployment, documents a defensible Day 2 plan for audits, cuts escalations by linking every alert to a clear action path, and gives FastTrack and partners a baseline for consistency in engagements.
Next up
Soon we will publish the GSA Security Operations Guide for Microsoft Entra Global Secure Access, providing a dedicated security monitoring and detection companion to the operational guides for Private Access, Internet Access, Remote Networks, and Microsoft traffic. It brings together the built-in alerts, log sources, Sentinel detections, and cross-signal investigation patterns that security teams need to identify suspicious activity and unauthorized changes across the GSA environment.
If deployment is still ahead, start with the GSA Deployment Guide.
Your move
- Open the full guide
- Download templates and run your first daily health check today
- Post feedback and ideas to help shape future updates
-Thomas Detzner
Additional resources
- Microsoft Entra Global Secure Access operations guide
- Microsoft Incident Response Playbooks: response guidance for containment, eradication, and recovery after a SecOps detection is confirmed.
- Enhance threat detection with Global Secure Access in Microsoft Sentinel: how to stream GSA data into Sentinel, install the solution, enable analytics rules, and use the built-in workbooks.
- What are Global Secure Access alerts?: the built-in GSA alert types, what they mean, and where to view them.
- Global Secure Access logs and monitoring: overview of dashboards, traffic logs, audit logs, enriched Microsoft 365 logs, retention, and monitoring surfaces.
- How to access the Global Secure Access audit logs: where to find GSA-related audit activity and how to filter it for operational or security investigations.
- Microsoft Entra audit log categories and activities for Global Secure Access: the authoritative list of GSA audit operations and categories for change monitoring.