The Expert's View with Michael Novinson

Government , Industry Specific

What EU Antitrust Probe Around Entra ID Means for Microsoft

Rivals Say Microsoft Restricts Competition Around Identity. Will Regulators Agree?
What EU Antitrust Probe Around Entra ID Means for Microsoft
Microsoft may have once again incurred the wrath of antitrust regulators for bundling security products too tightly. (Image: Shutterstock)

Microsoft once again finds itself in the crosshairs of antitrust regulators, this time for practices around its Entra ID identity management product.

See Also: When Every Identity is at Risk, Where Do You Begin?

The Information reported the agency responsible for enforcing the European Union's antitrust laws is probing whether Microsoft prevents customers from buying security software that competes with the Seattle-area cloud computing giant. The European Commission confirmed with Information Security Media Group that it had received several complaints regarding Microsoft's Azure product and is assessing them based on standard procedures.

Microsoft doesn't allow customers of Entra ID - called Azure Active Directory until last July - to replace it with rival identity management products from the likes of Okta or Cloudflare, according to The Information. Reuters reported Wednesday that regulators want to understand if Microsoft clients can rely exclusively on competing security software to authenticate into Microsoft services or if they're required to use Entra ID for this function. A European Commission spokesperson told ISMG it has a number of investigative powers at its disposal, including sending requests for information.

A Microsoft spokesperson told ISMG the company has built-in identity capabilities to ensure customers can access its cloud services. At the same time, the spokesperson said Microsoft allows for integration with third-party identity services like Ping and Okta as well as with security providers through open APIs. This allows customers to choose the arrangement that best fits their needs, the spokesperson said.

Through the reach of Azure Active Directory, Microsoft controlled 23.8% of the $13.6 billion identity and access management market in 2021, while Okta was a distant second at just 9.2% market share, according to IDC.

Gartner in 2023 recognized Microsoft as a leader in access management alongside Okta, IBM, ForgeRock and Ping Identity. The latter two merged last year after both were taken private by Thoma Bravo. Gartner praised Microsoft for offering pricing below the market average; tightly integrating Entra ID, Microsoft 365 and Azure; and conducting stellar threat reporting and identity threat detection.

In a finding that antitrust investigators might find compelling, Gartner criticized Microsoft for requiring significant customization to onboard alternative multifactor authentication methods and for having a complex integration process with non-Microsoft products for external adaptive access or fine-grained authorization. Gartner also said specific access management features of Entra ID require further licensing, which will add costs to stop identity infrastructure attacks.

Not Microsoft's First Antitrust Rodeo

Redmond's bundling of security products with enterprise software licenses has allowed the firm to generate more than $20 billion in cyber sales in 2023 - and drawn the ire of regulators and rivals who argue Microsoft is using its market power to force customers into its security suite (see: Microsoft Security Sales Hit $20B as Consolidation Increases).

Just last year, the European Union opened its first antitrust probe into Microsoft in more than a decade after Salesforce-owned Slack complained that Microsoft had restricted competition by including its Teams meeting software with Office for free, according to The Information. Microsoft in October said it would allow European customers to pay a slightly lower price for a software bundle without the Teams app.

The U.S. Federal Trade Commission is probing how cloud server providers such as Microsoft and Amazon bundle their server rentals with other types of software (see: US FTC Seeks Information on Cloud Provider Cybersecurity).

In response, Google and other firms told the FTC that Microsoft uses its dominant position in business software to push customers to use its security software and other services.

Pure-play cybersecurity vendors have for years complained about an unfair fight against Microsoft, arguing the technology titan bolts its security products onto nonsecurity purchases in a manner that makes it impossible for rivals to compete on price.

Europe's Entra ID investigation is something the cybersecurity industry will monitor very closely.

Updated at 16:15 UTC Thursday with comments from Microsoft.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.