News
Microsoft Addresses Security Tool Sprawl with New Entra and Sentinel Releases
Microsoft this week announced the general availability of two new security solutions designed to help organizations achieve and manage zero trust environments.
Now available for production environments are the Microsoft Entra Suite, which promises to combine network security and identity management on a single platform; and Microsoft Sentinel integration with the Microsoft Defender portal, which adds security information and event management (SIEM) capabilities to Microsoft's broader unified security operations platform.
The general availability of both products helps "simplify the implementation of a Zero Trust architecture across the full lifecycle from prevention to detection and response," Microsoft said in a blog post Thursday.
Microsoft Entra Suite
The Microsoft Entra Suite "unifies identity and network access security," per Microsoft. Combining both of those functions makes achieving a zero trust environment more streamlined, the company argues, as organizations have fewer security tools to manage. Entra Suite can potentially replace traditional legacy security solutions, including VPNs and secure Web gateways.
Entra Suite lets IT teams extend conditional access policies to every application in their network, whether it's on-premises or in the cloud, from a single pane of glass. It enforces least-privilege access at all times and, for end users, provides single sign-on and passwordless authentication.
The suite combines the following five existing Entra solutions:
- Microsoft Entra Private Access
- Microsoft Entra Internet Access
- Microsoft Entra ID Governance
- Microsoft Entra ID Protection
- Microsoft Entra Verified ID
"This new offering advances our vision for the Microsoft Entra product line that can serve as a universal trust fabric for the era of AI, securely connecting any trustworthy identity with anything, from anywhere," Microsoft said in a separate blog post.
Microsoft Sentinel on the Microsoft Defender Portal
Microsoft also announced the general availability of integration between Sentinel, its cloud-based SIEM product, with the Microsoft Defender security suite. Like the Entra Suite, this release aims to condense the number of threat detection tools that organizations typically use.
"According to our research, organizations use as many as 80 individual tools in their security portfolio," Microsoft said. "For many, this means having to manually manage integration between their security information and event management (SIEM); security orchestration, automation, and response (SOAR); extended detection and response (XDR); posture and exposure management; cloud security; and threat intelligence."
The Sentinel-Defender integration helps alleviate that tool sprawl, Microsoft argues. Sentinel workspaces can now be accessed via Defender, essentially combining the alerting and reporting capabilities of the former with the threat hunting capabilities of the latter.
This Microsoft blog provides more details about the integration, as well as setup instructions.
Microsoft said both general availability releases are designed to help organizations establish a "proactive zero trust strategy."
"While individual tools are typically used to fulfill requirements across each Zero Trust pillar, a truly comprehensive strategy connects them together through a centralized access policy engine and integrated threat protection," the company said.