Microsoft Developing Converged Platform for Multicloud Management -- Redmondmag.com

Microsoft Developing Converged Platform for Multicloud Management

By Chris Paoli
05/29/2024

Microsoft on Wednesday announced it is developing a converged platform designed to streamline risk discovery and remediation, with zero trust baked at the core.

"With the rise of multicloud strategies, our customers face increasing challenges in securing access across various environments," said Joy Chik, President of Identity and Network Access at Microsoft, in a blog post. "Our goal is to simplify this process by providing a comprehensive platform that ensures secure access for any identity, across any cloud."

While Wednesday's announcement was light on specifics, Microsoft's upcoming platform will build on the company's existing Entra products, such as Permissions Management (CIEM), Privileged Identity Management (PAM), ID Governance (IGA) and Workload Identity (IAM for workloads). Additionally, Microsoft will employ AI and machine learning to enhance these technologies, helping organizations uncover difficult-to-detect risks and propose effective remediation strategies.

The new platform, which does not have a current release window, will focus on the following four areas:

Visibility: Insights into all identities and permissions, detecting risky permissions.
Risk Remediation: Recommendations for addressing risky permissions.
Granular Controls: Appropriate privileges for specific roles and durations.
Automated Governance: Continuous compliance through automated policies

Microsoft said this work in progress marks a significant step in its efforts to provide robust security solutions for the digital landscape. The company will continue to update the public on its progress and encourages organizations to explore Microsoft Entra ID Governance and Permissions Management as foundational elements of their cloud access management strategies.

Earlier this month, Microsoft made a handful of Entra announcements, including:

Expanded Passkey Support. Microsoft Entra ID now supports device-bound passkeys in the Microsoft Authenticator app for iOS and Android. Passkeys are phishing-resistant and adhere to the W3C WebAuthN standard.

External Authentication Methods. Microsoft Entra ID now supports external authentication methods, allowing integration with various MFA providers. This flexibility helps meet diverse security requirements while maintaining a unified identity management system.

General Availability of Microsoft Entra External ID. Microsoft Entra External ID, a CIAM solution designed for partners, business customers and consumers, hit general availability on May 15. It aims to secure all identities, streamline collaboration and accelerate the development of secure applications.

Integration with Microsoft Defender for Cloud. The integration of Microsoft Entra Permissions Management with Microsoft Defender for Cloud, now available, enhances cloud security by providing visibility and recommendations for managing permissions across multiple cloud platforms.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Exploring Alternatives to Microsoft Publisher

Depending on what you need, there are some good alternatives once Publisher loses support in 2026.
To Support OpenAI, Microsoft Taps Oracle for More Cloud Power

Frenemies Oracle and Microsoft are combining their respective cloud platforms to give generative AI wunderkind OpenAI more room to innovate.
After Making Windows Recall Opt-In, Microsoft Yanks Feature from PCs Entirely

Microsoft is putting the brakes on its Windows Recall feature that was designed to "retrace users' steps."
PowerShell's Bright Future

A couple of seasoned PowerShell vets break down how they see the powerful tool's next stage of evolution.
Lax Credential Hygiene at Root of Snowflake Breach: Researchers

Security researchers at Google subsidiary Mandiant have traced the months-long Snowflake security breach to an attack group taking advantage of old credentials and weak authentication methods.