Microsoft has announced the retirement of Entra Permissions Management (previously CloudKnox), with sales ending June 30, 2025.
EPM provided valuable visibility into cloud permissions, helping teams identify overprivileged identities across AWS, Azure, and GCP. But for many organizations, that visibility came with significant manual overhead: policy rewrites, change windows, and time-consuming investigations.
As EPM sunsets, Microsoft has named Delinea as a transition partner. Delinea offers a Privileged Access Management (PAM) approach focused on credential vaulting and session control. But for teams managing complex, fast-moving cloud environments, the need goes beyond controlling credentials. The real challenge is managing permissions and doing it continuously, without slowing down the business.
Why Visibility Alone Isn’t Enough
EPM was designed to help organizations discover permissions risk, but not enforce controls. Even with visibility, many teams were left to:
- Manually analyze access patterns
- Build and test custom IAM policies
- Remediate risk without breaking workloads
In cloud environments where identity changes constantly (across accounts, services, and external integrations), manual workflows don’t scale, and visibility without action leaves gaps.
The Opportunity: Move From Monitoring to Enforcement
The retirement of EPM is a chance to rethink your cloud identity strategy. Instead of replacing one visibility tool with another, organizations can move toward solutions that automate access control and continuously reduce identity risk.
Modern cloud security requires:
- Enforcing least privilege across human and machine identities
- Integrating with developer workflows and approval tools
- Adapting in real time as cloud environments evolve
- Managing third-party access without exceptions or manual workarounds
- Avoiding friction that slows down engineering teams
Sonrai’s Cloud Permissions Firewall: Built for Modern Cloud Identity Risk
The Cloud Permissions Firewall from Sonrai Security is designed to meet today’s cloud access challenges head-on. Rather than relying on dashboards and manual cleanup, the Firewall allows organizations to take control of identity risk and dramatically reduce it with automation.
Automated Least Privilege
The Firewall continuously analyzes activity and removes unused permissions based on real usage data. A single global policy enforces least privilege across your environment without custom policy engineering.
Zero Disruption to DevOps
Access that’s being used stays in place. Developers and workloads aren’t interrupted. If access is needed, the Firewall routes the request through Slack, Teams, or Email for approval and automatically updates permissions.
Integrated Just-in-Time Access
Access is granted only when it’s needed, managed by cloud-native policies and approved through chat tools like Slack or Teams. This minimizes standing privilege while delivering fast, auditable access aligned with business intent.
No Jump Boxes
Sonrai doesn’t proxy sessions or insert new tools into the workflow. Users continue to access resources through native cloud consoles, CLIs, and APIs.
Third-Party Access, Fully Managed
With CPF, organizations gain full visibility and control over external identities: vendors, contractors, and partners. You can enforce least privilege for third-party accounts, monitor their activity, and automatically revoke unused access on a continuous basis.
A Shift from Vaults to Policy
PAM tools like Delinea play an important role in managing credentials. But today’s cloud identity risk stems from permissions, not just secrets. Least privilege isn’t about managing passwords. It’s about managing what identities can do in your environment.
Cloud Permissions Firewall addresses the real root of cloud identity risk:
- Complex inheritance
- Unused and overbroad permissions
- External access pathways
- Misaligned policies that persist over time
Don’t Replace EPM. Rethink the Problem.
The end of Entra Permissions Management presents more than a tooling decision. It’s a chance to make meaningful progress in cloud identity security.
Sonrai’s Cloud Permissions Firewall helps security teams move beyond monitoring to enforcement. It’s a purpose-built solution for organizations that want to reduce risk, achieve least privilege faster, and maintain control as their cloud environments grow.

