netgo Relies on Modern ZTNA with NetBird

Discover how netgo modernized secure access by replacing legacy VPNs with NetBird's ZTNA, reducing latency and simplifying operation.

Company: netgo group GmbH
Headquarters: Germany
Industry: IT service provider / IT consultancy


Challenges:

  • Fragmented legacy SSL VPNs and multiple access entry points.
  • Slow, multi-hour policy rollouts with no real-time enforcement.
  • Lack of tight integration with Windows Defender and SOC for immediate access revocation.
  • Complex MSP environment requiring secure access across heterogeneous customer networks.
  • Limited segmentation and insufficient visibility using traditional VPN models.

Key Results:

  • Near-real-time access updates (1–2 minutes instead of hours).
  • Zero connection drops and reduced latency through WireGuard P2P architecture.
  • Strong security posture with automatic access blocking for non-compliant endpoints.
  • Lower operational overhead by eliminating multiple VPNs and Windows-based routing nodes.
  • Seamless user experience with transparent, always-on Zero Trust network access.

About netgo

With over 1,400 employees at more than 20 locations, netgo is one of the leading IT service providers in Germany, offering a holistic service portfolio as a central IT partner for a wide range of companies and organizations.

Thanks to comprehensive expertise along the entire value chain, netgo creates innovative IT architecture, building the foundation for digitally shaped business models.

With services across cloud, managed services, IT security, IT infrastructure, and custom software solutions, netgo supports customers in planning, implementing, and operating future-oriented IT landscapes—allowing companies to focus entirely on their core business.

More than 20 locations and broad cross-industry expertise ensure close, cooperative, and competent collaboration throughout Germany. The goal: to jointly develop IT concepts that optimally meet individual needs and contribute to business success.

How netgo Uses NetBird

netgo leverages:

  • NetBird’s integration with Microsoft 365 Entra ID
  • Event streaming connected to the security monitoring environment
  • NetBird to securely provide access to critical internal resources

Additionally, netgo applies its own architectural concepts and uses several automations to operate and scale NetBird efficiently.

Starting Point and the Challenge

netgo selected a Zero Trust Network Access (ZTNA) approach as its central access model to:

  • Create a unified, secure, modern method of accessing critical corporate resources
  • Move away from traditional client-based VPN solutions that no longer met modern standards
  • Ensure users only access resources needed for their daily work (Least Privilege by Design)
  • Integrate tightly with Microsoft Defender and the security monitoring environment

Before choosing NetBird, several ZTNA products were evaluated but failed to meet requirements regarding flexibility, functionality, and architectural fit.

“We were looking for a modern, integrated zero trust approach – not just another VPN replacement.” — Internal stakeholder, netgo

Industry-Specific Requirements

As an MSP and IT service provider, netgo operates in a highly complex environment with internal resources, heterogeneous customer networks, VPNs, and strict tenant boundaries. This goes beyond the typical enterprise scenario.

Key Industry Challenges

  • Regulatory & Audit Requirements: Need for verifiable access controls, documented least privilege, and clear segmentation.
  • High Data Security: Internal systems must not be publicly exposed; legacy SSL VPNs are insufficient.
  • Parallel Stacks: Internal ZTNA must coexist with numerous customer VPNs/ZTNAs.
  • Real-Time Policy Enforcement: Multi-hour policy rollouts are unacceptable.
  • SOC Integration: Endpoints with critical Defender status must be denied access immediately.

“In our industry, delayed policy rollouts and missing integration with our security processes are not a ‘nice-to-have’ – they’re a blocker.” — Internal stakeholder, netgo

Before NetBird, netgo had:

  • Fragmented SSL VPNs
  • Multiple entry points
  • Limited segmentation
  • No central transparency
  • Higher operational overhead

The Solution: NetBird at netgo

After extensive evaluation, netgo selected NetBird for its optimal match of architecture, control, cost efficiency, and operational alignment.

Why NetBird?

  • Modern P2P architecture based on WireGuard → eliminates gateway bottlenecks and reduces latency
  • True network-segment routing, not just host-based access
  • Native integration with Microsoft Entra ID & Defender → near real-time policy enforcement
  • Cross-platform peers (Windows, macOS, Linux, iOS, Android) with no Windows-based routing nodes required
  • Distributed, resilient, segment-per-peer architecture

Proof of Concept (PoC)

  • 250 users, 150 systems
  • Segment-wise high-availability routing peers
  • Integrated with Entra ID, Defender, and security event streaming
  • Connected with Microsoft PIM for time-limited ZTNA access requests

PoC Results

  • Near-instant policy updates
  • Stable latency and performance
  • Zero connection drops
  • Transparent control with no vendor “black box”

Results and Business Impact

By adopting NetBird, netgo achieved a significant simplification of secure internal access while removing the operational burdens of legacy SSL VPN and Sophos ZTNA environments.

Key Outcomes

  • Reduced latency via peer-to-peer communication
  • No dependence on central gateway bottlenecks
  • Policy updates applied within seconds to minutes
  • True Conditional Access enabled through Defender compliance
  • Clear SOC visibility via event streaming

Quantifiable Improvements

  • ~1–2 min average access assignment (formerly hours with Sophos ZTNA)
  • 0 connection drops during PoC
  • Lower OPEX thanks to Linux-based routing peers
  • Reduced operational effort by eliminating outdated VPN entry points

Internal Feedback

“Transparent usage. It just works. No more switching between legacy VPNs.”

“Since NetBird, I don’t have to think about connectivity anymore – it just runs in the background.”

“The login experience is much faster and more modern.”

“Quick feedback on NetBird: I love it 😍”

Conclusion and Outlook

NetBird fundamentally improved how netgo provides secure access to internal resources:

  • Lower operational complexity
  • Reduced latency
  • Near-real-time policy updates
  • Seamless user experience

By combining WireGuard-based P2P connectivity, Entra integration, Defender compliance, and SOC telemetry, NetBird delivers the modern zero trust model netgo requires.

Today, netgo operates a scalable, modern ZTNA platform that fulfills all security and operational requirements.

Next Steps

netgo plans to expand NetBird as a central service within the organization and its portfolio. The successful PoC confirmed NetBird as the strategic choice for future access architecture.
