Wandera Private Access

Product in a paragraph

Wandera Private Access is a cloud-hosted service that provides secure remote access to applications using Zero Trust Network Access principles, whether those applications are hosted in the data center or in the cloud. User access is fast, less complex, and more secure. The user experience is consistent wherever the application is running, and from whichever device the user connects. It takes only moments to deploy and supports any device from corporate laptops to personal smartphones.

How is it sold

How is it licensed?

The same as our existing portfolio. SaaS subscription per device per month. Minimum contract length 12 months.

How much does it cost?

Varies based on number of licences and contract length – talk to your Wandera representative for more information.

Trials and PoC

Do you offer a POC?

Yes, POCs are available now, just contact your local sales representative.

Is there a minimum device count for a trial?

Nope – let’s get you set up now!

What does getting started look like?

The trial is fully automated and guides administrators through the setup and deployment process. Wandera sales representatives are on hand to take care of any customer queries to ensure the trial is a success.

Private Access

What devices are supported?

Windows 10, MacOS, iOS, Android.

Is there a limit on the number of Apps that Private Access can provide access to?


Is Private Access purely a VPN replacement?

Wandera Private Access is classified as Zero Trust Network Access, which is a different technology category to VPN. Both technologies tunnel and encrypt traffic, but ZTNA has a number of features that go above and beyond traditional VPN.

Since Wandera Private Access is simple to set up and new apps can be configured in a matter of a few clicks, some customers might start in a niche area, like a specific Line of Business (LOB) app, a SaaS app or with BYOD users.

Can Wandera Private Access and legacy VPN technologies co-exist?


How does Wandera provide security for macOS or Windows?

Wandera checks the device risk integrity on Mac and Windows via the Wandera client including disk encryption, OS security, and AV/EDR compliance and provides a secure, low-medium-high risk score. If a customer buys Content Filtering alongside WPA, network threats such as phishing and malicious traffic will be blocked as well.

Will there be a degradation in connection for older technologies or more difficult infrastructures?

Wandera Private Access uses Wireguard protocol, which is lightweight to guarantee a fast, slick user experience. This protocol is designed to support high volumes, so you don’t have to worry about losing connection when using real-time media like Zoom or Teams.

What happens if a user is denied access?

One of three things will have happened if access is blocked:

  • If MI:RIAM (Wandera’s threat intelligence engine) believes the risk of permitting access is too high (jailbroken device, leaky apps installed, request is from a country deemed ‘unsafe’) the contextual policy engine will block access until it is resolved. The end user will receive a push notification informing them why this has happened and what they need to do to reduce the risk and meet the requirements for access.
  • Some apps will be configured with higher security requirements. In these cases the user may need to provide step-up authentication. They can do this by verifying their identity using MFA, for example.
  • If a user is not configured by the admin to have access to a tool that they need to use, they should request their IT administrator to update their permissions.

Why Wandera Private Access?

  • Replaces MDM tunnel on all your mobile devices when moving to InTune. WPA also supports W10 and Mac for a true cross-platform ZTNA
  • Simple onboarding via Azure AD or other IDP solutions. Supports both managed and unmanaged devices (unlike MDM tunnel)
  • Ultra-fast experience. Proven to be 4x times faster than legacy VPN
  • Revolutionary new protocol – Wireguard – optimized for modern devices vs. legacy IPSec or SSL VPN
  • Context-aware access policies adhere to zero trust principles including role and risk-based access controls

Zero Trust Network Access (ZTNA)

Can ZTNA connect to legacy applications or applications in customer data centres instead of SaaS applications?

Wandera Private Access can connect any device to any app securely – whether on prem, cloud hosted or SaaS

What is the difference between CASB, SDP and ZTNA?

CASB and ZTNA are complementary solutions. CASB offers DLP (data loss prevention) for cloud apps via API integrations or reverse proxy while ZTNA offers transport, encryption and secure access to private and SaaS apps.

SDP – Software Defined Perimeter refers to the cloud infrastructure leverage by a Client Initiated ZTNA is considered part of the ZTNA framework

Why should my customers build their Remote Access strategy on ZTNA principles?

  • Remote work is accelerating demand for a new zero-trust approach to secure private app and SaaS access
  • Legacy VPN is a $4.7Bn market, but insecure by design, complex to manage and offers a substandard user experience
  • 60% of enterprises will phase out VPN, in favor of ZTNA by 2023 (Gartner)
  • Here’s the Gartner ZTNA guide in case you’re interested.


What kind of encryption and security protocols does Private Access use?

The VPN component uses Wireguard – a modern protocol built for high security and performance www.wireguard.com

What infrastructure does private access use?

Private Access is a multitenant cloud environment, so it’s always right-sized and cost efficient. It doesn’t require any on premise equipment to be installed or managed. Private Access is provided by the Wandera Security Cloud which is served by a global network of data centers.

Does Private Access support local break out i.e route to the nearest data center wherever you are or is it static like our current proxy architecture?

Yes, it supports local breakout and optimized routing depending on location. It is designed from the ground up to provide fast, secure, dynamic policy-driven routing from any permitted ingress to any permitted egress.

Deployment & Implementation

What software is required?

Private Access requires Wandera’s App to be installed in order to provide a seamless, streamlined service. The app is designed to the highest privacy standards to keep end-user’s personal information safe and private.

How is the endpoint app deployed?

There are a range of deployment options available to suit each business, end user and use case. The best practice for corporate devices is to deploy via integrations with MDM/UEM solutions like Workspace One or Microsoft Endpoint Manager. BYOD and personal devices can be activated easily via SSO with business credentials.

What does implementation look like?

Wandera Private Access is quick to configure and deploy. Administrators define policies in a unified console which are enforced by the globally distributed cloud-based service. It takes only moments to install the Wandera app on endpoints, which manages the authentication, encryption, and health checks.

An easy to follow step-by-step guide assists the deployment process and Wandera’s support engineers are available if there are any questions. There is absolutely no hardware or software connectors that need to be installed, no device certificates that need to be managed, and no complex network configuration.

Register a lead

You’re getting the inside track on Wandera Private Access before its international launch. Stay tuned, we’ll continue to update this page with more information every week until our global launch. Think you have a potential opportunity? Reach out to your local Wandera representative today!