Microsoft has bolstered its security portfolio with the release of Entra Permissions Management, a Cloud Infrastructure Entitlement Management (CIEM) offering. The new permissions management solution, rolled out on Thursday, enhances Microsoft’s ability to enforce least privilege access across multiple clouds.

The CIEM continuously monitors and remediate permissions across its own Azure cloud as well as AWS and Google Cloud. Microsoft signaled its intent to add CIEM to its security stack with last year’s acquisition of CloudKnox. After integrating it into its own security platform, Microsoft released the public preview of CloudKnox Permissions Management in February.

In late May, Microsoft announced Entra as the new brand for all the company’s identity and access management offerings. The new Microsoft Entra portfolio consists of Azure Active Directory (Azure AD), Microsoft Verified Identity and the new CIEM offering.

By adding its own CIEM, Microsoft will be competing with a field of providers including BeyondTrust, CyberArc, Quest’s One Identity, SailPoint, Sonrai Security and Zscaler, among others. The enforcement of least privilege access enabled by CIEM is considered an important component of a zero-trust strategy.

Microsoft’s Joy Chik

Microsoft’s Vasu Jakkal

In the post announcing Entra, Microsoft corporate vice presidents Joy Chik and Vasu Jakkal underscored the proliferation of identities and permissions. “Permissions Management helps detect, right-size and monitor unused and excessive permissions, and mitigates the risk of data breaches by enforcing the principle of least privilege in Microsoft Azure, Amazon Web Services, and Google Cloud Platform,” they noted.

Standalone Permissions Management Offering

Microsoft is also offering Entra Permissions Management as a standalone offering priced at $125 per resource, per year. It supports compute resources, container clusters, serverless functions and databases across AWS, Azure and Google Cloud.

Since February’s public preview, Microsoft said it has added GDPR compliance, global localization and automated onboarding. Alex Simons, a Microsoft corporate VP and product manager for the company’s Identity and Network Access division, outlined how it works.

Microsoft’s Alex Simons

“Microsoft Entra Permissions Management allows organizations to discover, remediate and monitor permissions for all identities (both human and workloads) and resources across multicloud environments,” Simons explained in a blog post announcing the release. “By continuously monitoring permission usage, Permissions Management allows you to enforce the principle of least privilege at cloud scale using historical data so that your organization can improve its security posture without interrupting productivity.”

Automated Provisioning

Simons emphasized the automated provisioning of AWS, Azure and Google Cloud environments into Entra Permissions Management. “With a simplified workflow, you can efficiently collect permissions data across clouds at scale with just a few clicks,” he noted. It also provides organizations with their Permissions Creep Index. That is a measure that determines the number of permissions granted to users and those that they use or need.

Customers integrating it with Microsoft’s portfolio, can access Entra Permissions Management from the Defender for Cloud dashboard. Simons noted that extends Defender for Cloud’s protection with the addition of CIEM.