Microsoft announced the public preview of its cloud infrastructure entitlement management (CIEM) services to help customers manage identity permissions in their multicloud environment and improve their zero-trust security posture.
The vendor’s CIEM capabilities came from its CloudKnox Security acquisition last summer. CloudKnox built a multicloud permissions management platform to protect cloud infrastructure and identities.
“CloudKnox Permissions Management offers detailed visibility into all identities and their permissions granted and permissions used, across your cloud infrastructure, so you can uncover any action performed by any identity on any resource,” Alex Simons, corporate VP of program management at Microsoft, wrote in a blog post.
The service extends that visibility to both user and workload identities, including virtual machines and containers, across three major cloud providers — Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform, he added.
It also automates least-privilege access by continuously analyzing historical permission usage data for each identity and allowing customers to right-size permissions for that identity, which helps boost zero-trust security.
Additionally, the management service will send anomaly detection alerts to notify users about suspicious activity, helping prevent privilege misuse and potential data breaches.
Along with CloudKnox Permissions Management, Microsoft also announced the extension of its native cloud security capabilities to Google Cloud, in addition to its existing AWS and Azure support. Microsoft Defender for Cloud provides cloud security management and cloud workload protection that identifies configuration weak spots across the three cloud providers.
“Organizations can now easily understand and manage their security posture across clouds and protect their workloads from a central place - no matter if they’re running in Azure, AWS, GCP, or on-premises,” Gilad Elyashar, head of product management at Microsoft Defender for Cloud, wrote in a blog post. “It also makes Microsoft the only cloud provider who enables you to manage security centrally across clouds.”