Microsoft has unveiled plans for a robust identity access management platform aimed at improving cloud security. In a blog post, Joseph Dadzie, Partner Director of Product Management at Microsoft, outlined the security challenges that arise as organizations increasingly work with dispersed and remote user bases, and how the new tools in Microsoft Entra can help solve those challenges.
Addressing Overprovisioning and Security Challenges
Dadzie highlighted the issue of overprovisioning, where growing teams and workloads necessitate increased access, often resulting in overlapping permissions. He emphasized the need to proactively identify and mitigate vulnerabilities related to identities and permissions. The proposed platform seeks to secure access to all identities in any cloud environment, applying the principle of least-privileged permissions.
The forthcoming platform will enhance existing Microsoft Entra functionalities such as Permissions Management (CIEM), Privileged Identity Management (PAM), Identity Governance (IGA), and Workload Identity (IAM for workloads). Microsoft plans to incorporate artificial intelligence and machine learning to fortify these technologies, enabling organizations to detect subtle risks and recommend effective solutions.
The system offers comprehensive visibility into all identities and their associated permissions, so that risky permissions can be identified and mitigated. Risk remediation then provides targeted recommendations to address these vulnerabilities. To enforce the principle of least privilege, granular controls grant users only the permissions necessary for their specific roles and designated timeframes. Finally, automated governance maintains ongoing compliance by automatically enforcing security policies. This integrated approach creates a robust and secure environment.
Recent Entra Updates and Future Prospects
Although the platform's release date remains unspecified, Microsoft positions it as a vital part of its cloud security initiative. The company advises organizations to integrate Microsoft Entra ID Governance and Permissions Management into their cloud strategies.
Alongside the platform announcement, several Entra security enhancements have been revealed:
- Extended Passkey Support: Microsoft Entra ID now includes device-bound passkeys in the Microsoft Authenticator app for both iOS and Android, aligned with the W3C WebAuthn standard to prevent phishing attacks.
- External Authentication Options: Entra ID now supports various multi-factor authentication (MFA) providers, offering flexible yet cohesive identity management.
- Availability of Microsoft Entra External ID: As of May 15, Microsoft Entra External ID, a customer identity and access management (CIAM) solution, is generally available, aiming to secure all identities involved.