Microsoft: Building The Cloud, Securing The Future - How Microsoft Leveraged Azure To Lead In Cybersecurity (Pt.2)

Summary

• In Part 1 we discussed how Microsoft transitioned to the cloud to make Azure an unlikely market leader.
• In Part 2, we explore how Microsoft leveraged its on-prem Active Directory to create Azure AD, forming the foundation for its cybersecurity ecosystem and driving success in identity management.
• Part 2 is really about understanding the depth of Microsoft's cybersecurity moat, by exploring how each component strengthens one another.
• In Part 3 we will compare Microsoft directly to competitors in each of the four pillars of cybersecurity.

In Part 2 we're going to discuss the significance of Microsoft's (MSFT) on-prem AD and how they adapted this invaluable asset for the cloud, branded as Azure AD. We will also explain how Azure AD has become the backbone for MSFT's subsequent successful introductions of other cybersecurity products. Before we methodically work through all that, perhaps it is useful for investors to take a higher level view of where MSFT competes across cybersecurity. If you are a long-term subscriber, you'll be aware that we have sliced and diced the industry in various ways over the years, in attempt to make it easier to digest for investors. However, probably the simplest way is to view MSFT's portfolio across what we call the four pillars of cybersecurity: network, endpoint, cloud security, and identity management.

Interestingly, the order we listed these pillars also shows the evolution of innovation and change in the industry since the 1990s. For instance, in the 1990s, network security was the paramount security defense, mainly in the form of the firewall. In the late 1990s and 2000s, endpoint security became the predominant focus, with various antivirus vendors emerging with better malware detections. Then, in the mid-to-late 2010s, cloud security rose in prominence to address the expanded attack surface created by software development and applications running in the cloud. And kind of beginning in the late 2010s, but thrusted to the spotlight during the Covid-19 pandemic, identity has been front and center of cybersecurity to address the risks of operating across distributed IT infrastructure, whereby identity, not the network, has become the core element of secure access.

Even more interesting is that the beginning of MSFT's journey in cybersecurity can be traced back to identity management, with its on-prem AD, and from there the company has expanded to the other three pillars. In essence, it could be construed that MSFT has moved in the opposite direction of the general industry. And this appears to have been paying off handsomely in the past few years, because identity management - ultimately their core competence - has become one of the hottest and most important areas of cybersecurity. For instance, the overarching philosophy has become 'identity is the new perimeter', and this has spawned or re-promoted numerous sub-philosophies/technologies, such as zero trust, least privileged, UEBA, conditional access, adaptive authentication, identity-based microsegmentation, workload identities, and ITDR. And each one of these has identity-focused security at the core.

In essence, identity has become the most value-adding pillar of cybersecurity, and MSFT has the deepest identity expertise and the most identity-related entrenchment in the industry. It's kind of become an impenetrable moat that looks like it will only strengthen over time. And the other interesting thing is that this hasn't occurred via sheer innovation on MSFT's part. This moat has developed via smart business moves and natural market dynamics and evolution. In other words, a large amount of luck has enabled a tech giant to get bigger and bigger and increasingly integral to the operations of enterprises.

Now, MSFT competes in all four pillars. Here, we list MSFT's brands associated with each pillar and list a few key competitors:

• Identity: Active Directory for on-prem and Azure. Recently MSFT has added more identity-related solutions and packaged and rebranded the suite as Microsoft Entra. Key competitions are Okta, ForgeRock, OneLogin, Saviynt, CyberArk, SailPoint.
• Endpoint security: Defender began as a simple EPP antivirus in the 2000s and has since evolved to EDR and now XDR. Key rivals include CrowdStrike, SentinelOne, Palo Alto Networks, Cybereason, and legacy AV vendors such as Symantec and McAfee.
• Cloud security: MSFT has repurposed the Defender agent for runtime protection (i.e., CWP, or Cloud Workload Protection) in the cloud and has also introduced CSPM (Cloud Security Posture Management). They also have DevSecOps security integrated with GitHub. MSFT also sells cloud-based firewalls. The competition is far and wide, including big names like PANW, CRWD, and Wiz.
• Network security: the latest pillar MSFT has entered is network security, entering the SSE market under the Entra brand. Thus far, they have Entra Private Access (zero trust, or ZTNA) and Entra Internet Access (the SWG, or Secure Web Gateway). Key rivals are Netskope, PANW, FTNT, Cloudflare, and Zscaler.

MSFT pretty much has good enough products in each of these pillars. They are not BoB (best of breed) but good enough, and the attractive pricing offered via bundling and the E3 and E5 licenses makes MSFT a stronger competitor.

So, if MSFT's cybersecurity business was directly investable, we would say that the $20bn+ business is only going to get stronger over time, and would be bullish, indeed. Though, really, the purpose of this MSFT deep dive is to evaluate MSFT's key competitors across network security, endpoint security, cloud security, and identity, and how they may fare against this cybersecurity giant in the coming years.

However, we will save the head-to-head competitor comparisons across the four pillars for Part 3, scheduled to be published next week. For Part 2, we are going to learn more about MSFT's cybersecurity ecosystem to gain a deep understanding of the key components, beginning with Azure AD.

How MSFT Leveraged Active Directory to Transfer its Dominance from On-Prem to the Cloud

Part 1, where we dived into MSFT's advantages in promoting and establishing Azure as a market leader in cloud computing, serves as an apt segue into Part 2 where we will discuss MSFT's cybersecurity business. This is because the core component of Azure is Azure AD, and Azure AD is the foundation on which MSFT has built its cybersecurity ecosystem. In essence, Azure AD provides secure access to resources and apps across Azure.

Azure AD is tightly integrated into Azure's infrastructure and serves as the default IAM (Identity & Access Management) service for securely managing access to Azure resources. This integration influences most developer teams to leverage Azure AD for securely accessing infrastructure such as VMs, containers, and PaaS offerings like Azure App Service, which is used for building and hosting applications and APIs. Furthermore, Azure AD facilitates secure access to development platforms like GitHub and Azure DevOps, ensuring streamlined identity management across these tools in the software development lifecycle.