Microsoft is jumping into the competitive Secure Service Edge (SSE) arena with a software package aimed at protecting its Windows and Azure customers as well as other cloud-based enterprise resources.

The new software is part of Microsoft’s Entra identity and network access suite, and it features two new elements – Entra Internet Access and Entra Private Access – that will control and secure access to cloud-based resources. Those two new pieces, coupled with Microsoft’s existing SaaS-focused cloud-access security broker (CASB), called Microsoft Defender for Cloud Apps, comprise Microsoft's SSE package.

SSE packages, according to Gartner, include access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and it may include on-premises or agent-based components, the research firm says.

As for the new components, Microsoft Entra Internet Access is a secure web gateway (SWG) for SaaS apps and internet traffic that protects against malicious internet traffic, unsafe or non-compliant content, and other threats from the open internet.

“For example, you can block access to all external destinations for your high-risk users or non-compliant devices except self-service password reset pages,” according to a blog by Sinead O'Donovan, vice president of product management with Microsoft’s identity and network access division.
“It also extends the conditions of conditional access with network conditions and would prevent, for example, a stolen access session token from being replayed by requiring a user to be on a ‘compliant network’ to access resources.”

Entra Private Access implements zero trust network access (ZTNA) technology for controlling access to private applications, no matter where the user is – in the office or remote – and regardless of where the application is hosted – a local on-premises data center or in any public cloud, according to O’Donovan.

“Customers don’t need to make any changes to applications or resources to add another layer of security controls such as multifactor authentication (MFA), device compliance check, identity protection, identity governance, and single sign-on to any TCP/UDP-based application, including SSH, RDP, SAP, and SMB file shares and other private resources,” O’Donovan stated.

Using attribute-based conditional access policies, customers can create simple policies to more effectively target groups of applications based on the sensitivity of the application for the enterprise. Examples of such policies include requiring MFA, device compliance, low user risk, compliant network for highly sensitive applications, or even specific per-application conditional access policies, O’Donovan wrote.

“With deep integration with conditional access and continuous access [security features in Azure] evaluation, you can enable secure, seamless access with modern authentication in front of legacy auth protocols such as Kerberos or [Microsoft Windows New Technology LAN Manager] without changing legacy apps,” O’Donovan stated.

Internet Access and Private Access share the same agent, which works across operating systems and provides consistent connectivity across devices and networks.
Customers can enforce unified conditional access policies that consider identity, device, application, and now network conditions with any application or website, regardless of which IdP the application uses and without changing those applications, O’Donovan stated.

The SSE market includes players such as Palo Alto, Zscaler, Netskope and others. Most recently, Cisco announced its SSE offering that aims to help enterprises securely connect growing edge resources, including cloud, private and SaaS applications.

Cisco’s SSE package, called Cisco Secure Access, features ZTNA, SWG, CASB, firewall as a service (FWaaS), DNS security, remote browser isolation (RBI) and other security capabilities. It’s designed to secure any application via any port or protocol, with optimized performance and continuous verification and granting of trust—all from a single, cloud-managed dashboard, Cisco said.

Analysts say Microsoft, while late to the market, will be a welcome player in the SSE arena given its large customer base.

“Cisco, Palo Alto Networks, Symantec, and Zscaler have a multi-year start over Microsoft. Gaining momentum in a crowded market will take work,” wrote Dell’Oro Group research director Mauricio Sanchez in a blog about the SSE announcement.

“Everyone knows who Microsoft is and generally enjoys substantial goodwill among its customer base. A large salesforce and partner ecosystem will open many doors,” Sanchez stated. “Large enterprises that are strong Microsoft shops and take advantage of Microsoft’s Enterprise Licensing Agreement benefits could lead to significant uptake of Microsoft SSE solution.”

Also, no other SSE vendor has the same identity vendor chops that Microsoft brings.
SSE is identity-heavy, which Microsoft can exploit by owning the identity use cases end-to-end, Sanchez stated.

Microsoft Windows and Office 365 clients can preview the SSE software, and it will be generally available for other operating systems later this year.