Microsoft's decision to transition Entra Permissions Management capabilities to Delinea's Privileged Access and Cloud Entitlement Management (PCCE) platform marks a significant shift in the cloud security landscape. This strategic move, announced in late 2023, represents Microsoft's recognition of Delinea's specialized expertise in privileged access management while allowing Microsoft to focus on core Entra identity services.

Understanding the Technology Transition

The transition involves migrating Microsoft Entra Permissions Management (formerly CloudKnox) functionality to Delinea's PCCE platform. This includes:

  • Cloud infrastructure entitlement management (CIEM) capabilities
  • Privileged access management (PAM) for cloud environments
  • Risk-based policy enforcement across multi-cloud deployments
  • Just-in-time access provisioning workflows

Microsoft customers currently using Entra Permissions Management will need to migrate to Delinea PCCE by the announced deadline, with Microsoft providing transition tools and support.

Why Microsoft Made This Strategic Decision

Several factors likely influenced this transition:

  1. Focus on Core Identity Services: Microsoft wants to concentrate Entra development on its identity verification and access management capabilities
  2. Delinea's Specialized Expertise: Delinea has deeper experience in privileged access management, with their Thycotic acquisition strengthening their PAM offerings
  3. Market Consolidation: The security tools market is consolidating around best-of-breed solutions
  4. Partnership Synergies: The companies already had integration between their products

Key Benefits of the Delinea PCCE Platform

For organizations making the transition, Delinea's PCCE offers several advantages:

  • Unified PAM and CIEM: Combines privileged access and cloud entitlement management in one platform
  • Broader Multi-Cloud Support: Extends beyond Azure to AWS, Google Cloud, and hybrid environments
  • AI-Powered Risk Analysis: Uses machine learning to identify anomalous permission usage
  • Granular Workflow Automation: Enables precise access control policies across cloud resources

Migration Considerations for Enterprises

Organizations using Entra Permissions Management should prepare for the transition by:

  1. Auditing Current Usage: Document all existing permission policies and integrations
  2. Planning the Migration Timeline: Coordinate with both Microsoft and Delinea support teams
  3. Testing in Staging Environments: Validate all workflows before production cutover
  4. Training Security Teams: Delinea's interface and capabilities differ from Microsoft's implementation
  5. Reviewing Licensing Costs: Compare current Entra licensing with Delinea's pricing model

Potential Challenges and Risks

While the transition offers benefits, organizations should be aware of potential challenges:

  • Migration Complexity: Moving historical permission data and audit logs may require custom scripts
  • Temporary Coverage Gaps: During transition, some visibility into permission risks may be reduced
  • Integration Changes: Existing automations using Entra APIs will need reworking for Delinea's API
  • Learning Curve: Security teams familiar with Microsoft's interface will need time to adjust

Microsoft has committed to providing robust migration tools and documentation to minimize these risks.

The Future of Cloud Permission Management

This transition reflects broader trends in cloud security:

  • Specialization: Vendors focusing on their core competencies rather than trying to provide everything
  • Consolidation: Merging of PAM and CIEM capabilities into unified platforms
  • AI Integration: Increasing use of machine learning for permission risk analysis
  • Automation: More sophisticated workflow engines for access provisioning

Delinea's roadmap for PCCE includes enhanced AI capabilities and deeper Kubernetes integration, positioning it as a leader in this evolving market.

Comparative Analysis: Entra vs. PCCE

Feature Microsoft Entra Permissions Management Delinea PCCE
Core Focus Part of broader identity platform Specialized PAM/CIEM
Cloud Coverage Strong Azure integration Multi-cloud balanced support
AI Capabilities Basic risk scoring Advanced behavioral analysis
Privileged Access Basic JIT provisioning Full PAM lifecycle
Deployment Options Cloud-native Hybrid and on-prem options

Actionable Recommendations

For organizations affected by this transition:

  1. Engage Early: Start migration planning now rather than waiting for the deadline
  2. Leverage Support: Utilize migration resources from both vendors
  3. Reassess Needs: Use this as an opportunity to review and optimize permission strategies
  4. Update Documentation: Ensure runbooks and procedures reflect the new platform
  5. Monitor Performance: Track key metrics before and after migration

The Bigger Picture: Cloud Security Evolution

This transition exemplifies how the cloud security market is maturing. As organizations adopt more sophisticated cloud architectures, security solutions must specialize while maintaining integration capabilities. The Microsoft-Delinea partnership demonstrates how leading vendors can collaborate to provide best-of-breed solutions without requiring customers to manage multiple disjointed tools.

Looking ahead, we can expect to see:

  • More partnerships between broad platforms and specialty security providers
  • Increased use of AI for predictive permission management
  • Tighter integration between CIEM and other security operations tools
  • Standardization of permission management APIs across cloud providers

For Windows-centric organizations, this transition represents both a challenge and an opportunity to strengthen cloud security posture with a more specialized solution while maintaining tight integration with Microsoft's identity ecosystem.