Government
,
Industry Specific
Rivals Say Microsoft Restricts Competition Around Identity. Will Regulators Agree?
Microsoft once again finds itself in the crosshairs of antitrust regulators, this time for practices around its Entra ID identity management product.
See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors
The Information reported the agency responsible for enforcing the European Union’s antitrust laws is probing whether Microsoft prevents customers from buying security software that competes with the Seattle-area cloud computing giant. The European Commission confirmed with Information Security Media Group that it had received several complaints regarding Microsoft’s Azure product and is assessing them based on standard procedures.
Microsoft doesn’t allow customers of Entra ID – called Azure Active Directory until last July – to replace it with rival identity management products from the likes of Okta or Cloudflare, according to The Information. Reuters reported Wednesday that regulators want to understand if Microsoft clients can rely exclusively on competing security software to authenticate into Microsoft services or if they’re required to use Entra ID for this function. A European Commission spokesperson told ISMG it has a number of investigative powers at its disposal, including sending requests for information.
Microsoft didn’t respond to a request for comment. Through the reach of Azure Active Directory, Microsoft controlled 23.8% of the $13.6 billion identity and access management market in 2021, while Okta was a distant second at just 9.2% market share, according to IDC.
Gartner in 2023 recognized Microsoft as a leader in access management alongside Okta, IBM, ForgeRock and Ping Identity. The latter two merged last year after both were taken private by Thoma Bravo. Gartner praised Microsoft for offering pricing below the market average; tightly integrating Entra ID, Microsoft 365 and Azure; and conducting stellar threat reporting and identity threat detection.
In a finding that antitrust investigators might find compelling, Gartner criticized Microsoft for requiring significant customization to onboard alternative multifactor authentication methods and for having a complex integration process with non-Microsoft products for external adaptive access or fine-grained authorization. Gartner also said specific access management features of Entra ID require further licensing, which will add costs to stop identity infrastructure attacks.
Not Microsoft’s First Antitrust Rodeo
Redmond’s bundling of security products with enterprise software licenses has allowed the firm to generate more than $20 billion in cyber sales in 2023 – and drawn the ire of regulators and rivals who argue Microsoft is using its market power to force customers into its security suite (see: Microsoft Security Sales Hit $20B as Consolidation Increases).
Just last year, the European Union opened its first antitrust probe into Microsoft in more than a decade after Salesforce-owned Slack complained that Microsoft had restricted competition by including its Teams meeting software with Office for free, according to The Information. Microsoft in October said it would allow European customers to pay a slightly lower price for a software bundle without the Teams app.
The U.S. Federal Trade Commission is probing how cloud server providers such as Microsoft and Amazon bundle their server rentals with other types of software (see: US FTC Seeks Information on Cloud Provider Cybersecurity).
In response, Google and other firms told the FTC that Microsoft uses its dominant position in business software to push customers to use its security software and other services.
Pure-play cybersecurity vendors have for years complained about an unfair fight against Microsoft, arguing the technology titan bolts its security products onto nonsecurity purchases in a manner that makes it impossible for rivals to compete on price.
Europe’s Entra ID investigation is something the cybersecurity industry will monitor very closely.