Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Entra Permissions Management retirement: what IAM teams should do now


(@sailpoint)
Reputable Member
Joined: 1 year ago
Posts: 163
Topic starter  

TL;DR: Microsoft’s retirement of Entra Permissions Management leaves a CIEM gap across Azure, AWS, and Google Cloud, with SailPoint positioning its CIEM offering as the replacement path for visibility, least-privilege enforcement, and review workflows. The real issue is not product substitution but whether cloud entitlement governance is mature enough to survive a platform exit without losing control of privilege creep.

NHIMG editorial — based on content published by SailPoint: Microsoft ends Entra Permissions Management and the case for CIEM

By the numbers:

Questions worth separating out

Q: How should security teams govern cloud entitlements after a CIEM platform retirement?

A: Treat the retirement as a programme test, not a procurement event.

Q: Why do cloud entitlements drift out of control in multi-cloud environments?

A: Cloud entitlements drift because access is often granted through different native models, inherited roles, and exceptions that are not reconciled against current job need.

Q: What breaks when access reviews do not include cloud service accounts and projects?

A: Reviews miss the places where overprovisioning often hides.

Practitioner guidance

  • Map cloud entitlement sources end to end Inventory where permissions are assigned across Azure, AWS, and Google Cloud, then document which identity governance process owns each access path.
  • Tie entitlement reviews to lifecycle events Trigger cloud access review and removal when a user changes role or leaves, and retain evidence that the change was completed across all cloud providers.
  • Prioritise effective access over assigned access Focus reviews on what an identity can actually do in the cloud, not just what appears on paper in a directory.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

  • The product-specific CIEM capability set for Azure, AWS, and Google Cloud entitlement management
  • The customer example showing audit-cycle effort reduction and how reporting was centralised
  • The article's own positioning on SailPoint Identity Security Cloud integration and migration path from Microsoft Entra
  • The vendor's commentary on why its CIEM features are framed as the replacement option

👉 Read SailPoint’s blog on Microsoft ending Entra Permissions Management and CIEM options →

Entra Permissions Management retirement: what IAM teams should do now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

CIEM retirement exposes a control dependency, not just a product dependency. When a dedicated entitlement platform disappears, organisations do not merely lose a dashboard. They lose a repeatable way to normalise cloud access, detect overprovisioning, and prove that access removal is happening on time. The governance lesson is that cloud entitlement control should not be anchored to a single tooling relationship when the underlying risk is structural.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Only 13% of organisations feel extremely prepared for the reality of agentic AI, even though the majority are already moving toward autonomous adoption.

A question worth separating out:

Q: Who is accountable when cloud access removal is not auditable?

A: Accountability sits with the identity governance and cloud security functions that own entitlement evidence, not with the business user alone. If removal cannot be proven, the organisation cannot demonstrate least privilege, effective offboarding, or a defensible review process during audit or incident response.

👉 Read our full editorial: Entra Permissions Management retirement raises the bar for ciem



   
ReplyQuote
Share: