How will Microsoft enter the SASE market?

Last week was a busy one for Microsoft. Between renaming Azure AD to Entra and releasing some details for the Storm-0558 APT, they had a few things on their plate.

When I think of last week for Microsoft, I think of those cheesy motivational posters of icebergs, where you only see the part of the iceberg above the waterline that demonstrates the public results, but you don’t see all the iceberg under the water the represents the mountains of effort that went into the effort of renaming Azure AD to Entra. While some of this is marketing-related and creating a better brand for their IAM product(s), much of this is tied to the new launch of their SASE/ZTNA products, Entra Internet Access, and Entra Private Access.

The rename of Azure AD to Entra also has a few other notable things, one of the most exciting being Entra Verified ID. The decentralized nature and the verified credentials could be big game changes, both on the employee front as well as for members and customers.

While Microsoft’s IAM tools have been competitive in Azure AD when compared to other identity providers, like Okta, Duo, SailPoint, etc, it has been missing some of the network components of SASE. Entra Internet and Entra Private bring some of those missing components into the Azure AD, ahem, Entra, family of solutions.

Companies like Cato, Cloudflare, and Palo Alto all have network solutions to SASE/ZTNA. All have an endpoint client that can auto-provision VPN connectivity back to multiple cloud data centers from the providers, enabling an organization to appropriately tunnel network traffic, but based on the user’s identity and their device security posture. Depending on the configurations, users no longer have to deal with VPN logins, trying to remember bookmarks or URLs to get to their applications, and if IT is on the ball, they have SSO enabled for their applications.

All of those vendors provide a URL filtering solution for remote users, source IP management (for whitelisting access to public applications), and solutions for getting access to on-prem or cloud-based private services. The new SASE product set offers a Microsoft-based solution that integrates with Azure AD’s (now Entra ID) IAM features to enhance remote and hybrid user identity and device security.

More often than not, Microsoft tends to be a fast follower of leading-edge security tools. Many companies beat them to a full feature set in a SASE product. However, Microsoft tends to catch up very quickly and tends to win the integration game with the rest of its security tools, many of which community financial institutions already use. Have you met a bank or credit union not running Active Directory on-prem?

Pure IT is excited to see how Microsoft will progress with its SASE offerings. Fully integrated technology and security solutions dramatically improve the end-user experience, which will ultimately increase security when done correctly. With many credit unions and banks having already rolled out Zscaler, Cato, Prisma (Palo Alto), or Cloudflare, Entra may have difficulty displacing them. However, when renewals come up and Entra’s SASE offerings mature, it won’t be surprising to see business flow to Microsoft.