Microsoft has announced the retirement of Entra Permissions Management (formerly CloudKnox), with sales ending June 30, 2025.
EPM offered valuable visibility into cloud permissions, helping teams identify overprivileged identities across AWS, Azure, and GCP. But for many organizations, that visibility came with significant manual overhead: policy rewrites, change windows, and time-consuming investigations.
As EPM sunsets, Microsoft has named Delinea as a transition partner. Delinea offers a Privileged Access Management (PAM) approach focused on credential vaulting and session control. But for teams managing complex, fast-moving cloud environments, the need goes beyond controlling credentials. The real challenge is managing permissions and doing it continuously, without slowing down the business.
Why Visibility Alone Isn’t Enough
EPM was designed to help organizations discover permissions risk, but not enforce controls. Even with visibility, many teams were left to:
- Manually analyze access patterns
- Build and test custom IAM policies
- Remediate risk without breaking workloads
In cloud environments where identity changes constantly — across accounts, services, and external integrations — manual workflows don’t scale, and visibility without action leaves gaps.
The Opportunity: Move From Monitoring to Enforcement
The retirement of EPM is a chance to rethink your cloud identity strategy. Instead of replacing one visibility tool with another, organizations can move toward solutions that automate access control and continuously reduce identity risk.
Modern cloud security requires:
- Enforcing least privilege across human and machine identities
- Integrating with developer workflows and approval tools
- Adapting in real time as cloud environments evolve
- Managing third-party access without exceptions or manual workarounds
- Avoiding friction that slows down engineering teams
Sonrai’s Cloud Permissions Firewall: Built for Modern Cloud Identity Risk
The Cloud Permissions Firewall from Sonrai Security is designed to meet today’s cloud access challenges head-on. Rather than relying on dashboards and manual cleanup, the Firewall enables organizations to take control of identity risk and dramatically reduce it with automation.
Automated Least Privilege
The Firewall continuously analyzes activity and removes unused permissions based on real usage data. A single global policy enforces least privilege across your environment without custom policy engineering.
Zero Disruption to DevOps
Access that’s being used stays in place. Developers and workloads aren’t interrupted. If access is needed, the Firewall routes the request through Slack, Teams, or email for approval and automatically updates permissions.
Integrated Just-in-Time Access
Access is granted only when it’s needed, controlled by cloud-native policies and approved through chat tools like Slack or Teams. This minimizes standing privilege while delivering fast, auditable access aligned with business intent.
No Jump Boxes
Sonrai does not proxy sessions or insert new tools into the workflow. Users continue to access resources through native cloud consoles, CLIs, and APIs.
Third-Party Access, Fully Controlled
With the Cloud Permissions Firewall (CPF), organizations gain full visibility and control over external identities (vendors, contractors, and partners). You can enforce least privilege for third-party accounts, monitor their activity, and automatically revoke unused access on a continuous basis.
A Shift from Vaults to Policy
PAM tools like Delinea play an important role in managing credentials. But today’s cloud identity risk stems from permissions, not just secrets. Least privilege isn’t about managing passwords. It’s about managing what identities can do in your environment.
Cloud Permissions Firewall addresses the real root of cloud identity risk:
- Complex inheritance
- Unused and overbroad permissions
- External access pathways
- Misaligned policies that persist over time
Don’t Replace EPM. Rethink the Problem.
The end of Entra Permissions Management presents more than a tooling decision. It’s a chance to make meaningful progress in cloud identity security.
Sonrai’s Cloud Permissions Firewall helps security teams move beyond monitoring to enforcement. It’s a purpose-built solution for organizations that want to reduce risk, achieve least privilege faster, and maintain control as their cloud environments grow.