Today, Microsoft’s identity and access group made numerous announcements about its Entra product family. The Entra name was introduced a year ago (May 2022) to bring together the long-standing and well-respected Azure Active Directory (AD) franchise with Microsoft’s cloud infrastructure entitlement management (CIEM) solution. While Azure AD kept its name a year ago, today, it was changed. Azure AD is now Microsoft Entra ID. The picture below summarizes the essential products that are part of today’s announcement.
For me, the critical announcement today was Microsoft’s introduction of its new SSE solution anchored to two new products, Microsoft Entra Internet Access and Microsoft Entra Private Access, and an existing one, Microsoft Defender for Cloud Apps.
Key takeaways and my opinions on Microsoft’s entry into the SSE space are:
- Microsoft Entra Internet Access (EIA) provides SWG (secure web gateway) functionality.
- Microsoft Entra Private Access (EPA) provides ZTNA (zero trust network access) capabilities.
- Microsoft EIA is in public preview with limited functionality. It can only protect Microsoft 365 and Windows clients. General traffic protection, cloud firewall, threat protection, and support for other operating systems are slated for later this year.
- Microsoft EPA is in public preview. No significant limitations were noted in today’s announcement.
- Microsoft went out of its way to remain committed to supporting an open SSE ecosystem.
- Microsoft’s naming scheme copies Zscaler’s naming scheme for equivalent products (Zscaler Internet Access [ZIA] and Zscaler Private Access [ZPA]). This is not the first time we have seen a vendor copy Zscaler’s product structure and naming. As they say, if you can’t fight them, join them.
- CASB (cloud access security broker) requires a third Microsoft product, Microsoft Defender for Cloud Apps.
- My SWOT analysis:
  - Strengths
    - Unrivaled enterprise presence to facilitate awareness. Everyone knows who Microsoft is, and it generally enjoys substantial goodwill among its customer base. A large salesforce and partner ecosystem will open many doors.
    - Identity foundation. No other SSE vendor has the same identity vendor chops that Microsoft brings. SSE is identity-heavy, which Microsoft can exploit by owning the identity use cases end-to-end.
    - Azure Cloud. Most SSE vendors partner with cloud service providers like Microsoft Azure to stand up their SSE clouds. Whether through cost models or the ability to exploit deeper integrations, the Entra team likely has an advantage.
  - Weaknesses
    - Severely late to market. Cisco, Palo Alto Networks, Symantec, and Zscaler have a multi-year start over Microsoft. Gaining momentum in a crowded market will take work.
    - No full SASE: SD-WAN still requires a third-party vendor. Single-vendor SASE vendors are gaining market traction.
    - CASB is still a separate product. It is unclear how policy sets are defined, but from initial impressions, there will be no policy tie-ins with Microsoft Defender for Cloud Apps.
  - Opportunities
    - Costing model. Large enterprises that are strong Microsoft shops and take advantage of Microsoft’s Enterprise Licensing Agreement benefits could drive significant uptake of Microsoft’s SSE solution.
    - Full SASE: Microsoft has strong networking chops that could facilitate servicing the full SASE opportunity, including networking and security.
  - Threats
    - Microsoft has a history of entering network security markets and then backing away. It tried entering the firewall market in the 2000s, then backed out, leaving customers stranded.
    - Rate of feature richness: Best-of-breed players likely will continue to drive faster innovation and feature richness.
Microsoft has several scheduled analyst briefings over the next month, including one focused on today’s SSE announcement in mid-August. We keenly wait to hear more, but until then, please feel free to reach out with any questions.