UPDATED 11:00 EDT / MAY 23 2023

SECURITY

New Microsoft identity and security products announced at its Build conference

Microsoft today added a collection of new security products to its Azure cloud services, bringing it to feature parity with a number of security providers in the identity and access management market, and providing a new series of secure Azure virtual machine instances.

The collection, announced at the company’s Build conference for developers in Seattle, is called Entra and is actually composed of a series of related products and services:

  • Entra Permissions Management, which is a Cloud Infrastructure Entitlements Manager similar to Palo Alto Networks Inc.’s Prisma and CyberArk Software Ltd.’s Cloud Entitlements Management tools. This is where organizations can obtain resource usage and implement consistent cloud access policies across their entire cloud portfolio. It is priced at $10.40 per resource per month.
  • Entra Verified ID, which automatically validates identity data and provides self-service account recovery and a companion digital wallet software development kit that can be used to integrate its functions with mobile apps. It’s included free with any Azure Active Directory subscription.
  • Entra Workload Identities, which manage access controls for how apps, users and services connect and consume cloud resources. One feature is being able to automatically detect and mitigate compromised identities. It’s priced at $3 per identity per month.
  • Entra Identity Governance, which will automate access controls across a cloud portfolio (below). Pricing was not available.
  • Purview Information Protection, which has been renamed from the original Information Protection product. It helps classify, discover and protect sensitive data contained in Microsoft 365 applications and on other platforms.

Microsoft’s Entra product line can be easily controlled via this browser interface. Image: Microsoft

All Entra products are available for a free trial.

A second series of products was also announced today concerning a new collection of Azure confidential VM and container instances that support a higher level of security. These make use of various technologies found in the latest processors to offer a hardware-based trusted execution environment that protects the VM from being able to gain access to the overall hypervisor.

The VM can boot only when it verifies the trusted application, and the hard drive is encrypted using the VM’s trusted platform module, which means that the disk’s content is accessible only to that particular VM. Azure has a number of confidential features which were previously announced, including containers as part of Azure Kubernetes Service and confidential VMs for AMD-based equipment. 

Today’s announcement extends this confidential feature to Intel’s latest Xeon processors with its Trust Domain Extensions feature enabled. Azure will also preview the ability to deploy confidential versions of Red Hat Enterprise Linux v9.2 on AMD-based VMs.

Microsoft also announced that its Azure Data Explorer will now support confidential operations, so that customers can analyze sensitive data. However, this support is available only on AMD-based VMs. Several Microsoft partners also announced their support for the confidential configurations, including SAP, BeeKeeper AI and Mithril Security’s Blind Box.

Managing the workloads and identity of a mixed collection of cloud and on-premises equipment, and managing both internal and external identities, are two features that have been lacking in Azure but that Microsoft’s competitors, such as Ping Identity and Okta Inc., have had for a number of years. For example, prior to the Entra announcement, specifying the correct access rights for external identities using Microsoft O365 tools was cumbersome.
