Microsoft has begun executing an ambitious plan to offer unified conditional access to enterprise and software-as-a-service (SaaS) resources by introducing network-based security service edge (SSE) offerings integrated into its flagship Entra Identity portfolio. The new Microsoft Azure-based SSE offerings, which deliver perimeterless secure access to cloud and enterprise applications, are now commercially available as essential components of the Entra Suite.
The Entra Suite SSE offerings consist of Entra Internet Access, which provides secure access to SaaS-based applications, and Entra Private Access, designed to substitute virtual private networks (VPNs) with more precise access to enterprise resources. Both offerings utilize Entra ID’s (formerly Azure AD) least-privilege access policies.
Furthermore, the Entra Suite integrates Entra Identity with network security controls to establish what Microsoft refers to as a “front door perimeter.” This integration encompasses Microsoft’s latest offerings such as Entra Identity Governance, Entra Verified ID, and Entra Identity Protection, including the recently launched Face Check feature.
Entra Internet Access serves as a secure web gateway (SWG) that secures access to SaaS applications, including Microsoft 365 apps. It combines conditional access policies with network conditions to combat malicious traffic and threats. For Microsoft 365 applications specifically, Entra Internet Access provides Universal Tenant Restrictions to prevent data exfiltration to other tenants or personal accounts. Entra Private Access, by contrast, secures access to enterprise applications regardless of where they are hosted. It allows the creation of attribute-based conditional access policies based on risks and conditions such as device compliance, location, and data sensitivity.
Joy Chik, Microsoft’s president of identity and network access, emphasizes that with the Entra Suite, all components, including Entra ID Governance, Entra ID Protection, and Entra Verified ID, are seamlessly integrated with conditional access. Chik asserts, “Everything is under the Entra administration experience. All the policy settings, everything is a fully integrated end-to-end scenario.”
Microsoft believes that enterprise security teams desire a single provider for identity and secure network access to share the same policies and conditions. Chik explains, “It will help us unify conditional access, which is the security policy engine for doing secure access, with both the identity signals and network signals together. Customers are longing for the capability to integrate identity and network signals together into one place with Entra conditional access.”
Geoff Cairns, principal analyst at Forrester, says it is still uncertain whether organizations will adopt Microsoft's strategy of converging identity and network access platforms. He points out the concentration risk of consolidating all identity access management (IAM) security infrastructure under Microsoft Entra, which could pose risks if compromised. Cairns believes that entities already operating within Microsoft-centric environments and upgrading their security stacks are more likely to embrace the suite approach, with organization scale and complexity playing a crucial role in decision-making.
Don Tait, senior analyst at Omdia, suggests that the convergence of IAM and network security is inevitable in the long run. He emphasizes the increasing significance of identity security over network security, citing the importance of IDR/ITDR technology in the current context. Additionally, Microsoft plans to collaborate with third-party network and SSE providers later this year to expand Entra’s capabilities. Leading SSE providers like Cisco, Cloudflare, Netskope, Palo Alto Networks, and Zscaler are among the partners Microsoft intends to engage with.
In conclusion, Microsoft’s endeavor to provide unified conditional access to enterprise and SaaS resources through the Entra Suite offers a comprehensive and integrated approach to security. While the adoption of this strategy may vary among organizations, the convergence of IAM and network security signals the evolving landscape of cybersecurity towards prioritizing identity protection and access management.

