Microsoft Security

Microsoft Entra Permissions Management

Get one unified solution to manage the permissions of any identity across your multicloud infrastructure.


5 ways to secure identity and access in the age of AI

Help your organization be better prepared for the opportunities and challenges ahead by adopting a comprehensive defense-in-depth cybersecurity strategy that spans identity, endpoint, and network.

Discover, remediate, and monitor permission risks for any identity or resource

Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) product that provides comprehensive visibility and control over permissions for any identity and any resource in Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Get full visibility

Discover what resources every identity is accessing across your cloud platforms.

Automate the principle of least privilege

Make the most of usage analytics to ensure identities have the right permissions at the right time.

Unify cloud access policies

Implement consistent security policies across your cloud infrastructure.

Enhance your cloud security posture

Streamline permissions findings in the Microsoft Defender for Cloud dashboard and get a central view of your security posture.


Securing Multicloud Permissions with Microsoft Entra Permissions Management.

Manage your multicloud infrastructure

Discover all cloud permissions

Get comprehensive and multidimensional visibility into actions performed by any identity on any resource across your cloud infrastructures.

Learn more about viewing information about activity triggers.

Evaluate your permission risks

Assess permission risks by evaluating the gap between permissions granted and permissions used.

Manage permissions and access

Right-size permissions, grant permissions on demand, and automate just-in-time access.


Monitor permissions continuously

Detect anomalous activities with machine learning-powered alerts and generate detailed forensic reports.


Navigate multicloud with an integrated CIEM solution

Discover how Permissions Management helps you improve your security posture by ensuring the principle of least privilege across identities and resources in your infrastructure as a service (IaaS) environment.

A diagram showing how Microsoft Entra Permissions Management detects, right-sizes, and monitors unused and excessive permissions and enables Zero Trust security through least privilege access in Microsoft Azure, AWS, and GCP.

Microsoft Entra Permissions Management

Starting from $10.40


  • Permissions Management helps you:

    • Get a multidimensional view of your risk by assessing identities, permissions, and resources.
    • Automate least privilege policy enforcement consistently in your entire multicloud infrastructure.
    • Prevent data breaches caused by misuse and malicious exploitation of permissions with anomaly and outlier detection.
  • A billable resource is defined as a cloud service that uses compute or memory. Permissions Management supports all resources across Amazon Web Services, Microsoft Azure, and Google Cloud Platform, but only requires licenses for billable resources per cloud provider.
  • Free 30-day trial: Try Permissions Management for free and run a risk assessment to identify the top permission risks across your multicloud infrastructure.

  • Receive recommendations to address permissions risks directly in the Microsoft Defender for Cloud dashboard. To explore further remediations, manage permissions, and access policy options in Permissions Management, licenses are required.

2024 State of Multicloud Security Risk Report

Gain insights into mitigating the primary identity and permissions risks across multicloud environments, along with other security and data security concerns.


Explore the Microsoft Entra product family

Safeguard connections between people, apps, resources, and devices with multicloud identity and network access products.

Identity and access management

  • Microsoft Entra ID (formerly Azure Active Directory)

    Manage and protect users, apps, workloads, and devices.

  • Microsoft Entra ID Governance

    Protect, monitor, and audit access to critical assets.

  • Microsoft Entra External ID

    Provide your customers and partners with secure access to any app.

  • Microsoft Entra Domain Services

    Manage your domain controllers in the cloud.

New identity categories

  • Microsoft Entra Verified ID

    Issue and verify identity credentials based on open standards.

  • Microsoft Entra Permissions Management

    Manage identity permissions across your multicloud infrastructure.

  • Microsoft Entra Workload ID

    Help apps and services securely access cloud resources.

Network access

  • Microsoft Entra Internet Access

    Secure access to internet, software as a service (SaaS), and Microsoft 365 apps.

  • Microsoft Entra Private Access

    Help users securely connect to private apps from anywhere.

Additional resources

Case study

Optimizing cloud permissions

Learn how organizations reduce the risks associated with over-provisioned identities with Permissions Management.


Permissions Management overview video

Learn how to help secure multicloud permissions with Permissions Management.


Dive deeper into the product

Get technical details on capabilities and deployment guidance for Permissions Management.


Stay up to date

Get product news, configuration guidance, product instructions, and tips.

Frequently asked questions

  • Cloud infrastructure entitlement management (CIEM) is the next generation of solutions for managing permissions. CIEM provides visibility into all actions performed by all identities, enforces the principle of least privilege, and continuously monitors for permission risks across multiple clouds.

  • Cloud permissions give identities the ability to perform an action on a resource across Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

  • When building and supporting a Zero Trust foundation, the principle of least privilege is an essential pillar. Maintaining least privilege means that identities are provisioned only with the least privileges they need to complete their day-to-day operations. Considering the explosion of permissions and identities across cloud infrastructures, enforcing the principle of least privilege manually has become almost impossible.

  • Permissions Management currently supports the three major public clouds: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

Protect everything

Make your future more secure. Explore your security options today.
