I am excited to announce the introduction of new Zero Trust Access (ZTA) policy enforcement modes within Cisco Secure Access that enable multi-app policy enforcement.
This innovative feature enhances our ability to manage access to private resources with greater precision and flexibility. In addition, the new multi-app policy enforcement modes allow enterprises to streamline migration from existing complex multi-vendor deployments while ensuring consistent zero-trust security controls.
Key Highlights:
- Flexible Resource Matching: Evaluates access requests by considering all possible private resources that match the requested destination, ensuring broader mapping of all potential private resources and flexible policy management.
- Prioritized Rule Matching: The policy evaluation process continues to prioritize rules based on the top-down priority order and enforces the first rule that matches source, destination, and posture profile.
- Tie-Breaker Logic: In scenarios where multiple resource matches are possible, the system will select the most specific match.
Note that end-user notifications remain consistent across all three policy enforcement modes. While the existing 'most-specific match' policy enforcement continues to be the default ZTA policy mode in Secure Access, customers wishing to switch to 'multi-app match' policy enforcement can request the change through customer support.
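The sketch below is an added example, not Cisco code or anything from the Secure Access documentation. It is a simplified model of the evaluation described in the highlights, comparing 'most-specific match' with 'multi-app match' for the same request. The Resource and Rule types, the CIDR-based notion of "most specific", and all sample names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:            # hypothetical private resource: name plus destination CIDR
    name: str
    cidr: str

@dataclass(frozen=True)
class Rule:                # hypothetical rule; position in the list is its priority
    name: str
    groups: frozenset      # source user groups
    resources: frozenset   # names of resources the rule covers
    posture: str           # required posture profile
    action: str

def matches(resources, dest_ip):
    """All resources containing the destination, most specific (longest prefix) first."""
    ip = ipaddress.ip_address(dest_ip)
    hits = [r for r in resources if ip in ipaddress.ip_network(r.cidr)]
    return sorted(hits, key=lambda r: ipaddress.ip_network(r.cidr).prefixlen, reverse=True)

def evaluate(mode, resources, rules, group, dest_ip, posture):
    """Return (rule, resource, action); falls back to deny when no rule matches."""
    candidates = matches(resources, dest_ip)
    if mode == "most-specific":
        candidates = candidates[:1]        # assumption: only the narrowest resource counts
    for rule in rules:                     # top-down priority, first match is enforced
        if group not in rule.groups or posture != rule.posture:
            continue
        for res in candidates:             # tie-breaker: most specific candidate first
            if res.name in rule.resources:
                return rule.name, res.name, rule.action
    return None, None, "deny"

# Constructed sample data: a broad network resource overlapping a single-host app.
RESOURCES = [Resource("corp-net", "10.0.0.0/8"), Resource("hr-app", "10.1.2.10/32")]
RULES = [
    Rule("contractors-net", frozenset({"contractors"}), frozenset({"corp-net"}), "managed", "allow"),
    Rule("hr-apps", frozenset({"hr"}), frozenset({"corp-net", "hr-app"}), "managed", "allow"),
]

if __name__ == "__main__":
    for mode in ("most-specific", "multi-app"):
        print(mode, evaluate(mode, RESOURCES, RULES, "contractors", "10.1.2.10", "managed"))
```

In this model the contractor request to 10.1.2.10 is denied under 'most-specific match' but allowed through the broad corp-net rule under 'multi-app match', so overlapping broad resources are worth auditing before requesting the mode change.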
Please review the documentation page for details on the various policy enforcement options available for ZTA. Feel free to post a comment if you have any questions or require further information.