Effective April 2025, Microsoft announced the retirement of the standalone Microsoft Entra Permissions Management (MEPM) license. This product will be removed from the Product Terms and will no longer be available. The product will be fully retired, and support will be discontinued on October 1, 2025.
Why this change?
In May 2024, Microsoft announced that Microsoft Entra Permissions Management (MEPM) capabilities were enabled in Defender for Cloud as part of the paid-for Defender Cloud Security Posture Management (CSPM) plan.
Microsoft remains committed to delivering top-tier solutions across the Microsoft Entra portfolio, which includes Microsoft Entra ID, Microsoft Entra Suite (encompassing ID Protection, ID Governance, Verified ID, Internet Access, and Private Access), Microsoft Entra External ID, Microsoft Entra Workload ID, and more.
What will happen to existing customers?
Existing customers will retain access to Microsoft Entra Permissions Management from April 1, 2025, through September 30, 2025, with full support for all existing functionality during this period. The product will be discontinued on October 1, 2025. Existing customers should who have already deployed the product begin planning for the transition, while those who have not yet deployed it should refrain from doing so. To continue using the features of the retired product, Microsoft recommends switching to the Microsoft Defender CSPM plan, which will continue all features of Entra Permissions Management. For enhanced CIEM capabilities, Microsoft recommends transitioning to an alternative Cloud Infrastructure Entitlement Management (CIEM) solution, like Delinea: https://delinea.com/microsoft-ciem.
What will happen to the Defender for Cloud experience?
The upcoming changes to Microsoft Entra Permissions Management will not impact the existing Cloud Infrastructure Entitlement Management (CIEM) capabilities within Microsoft Defender for Cloud. All the permissions management functionalities you currently depend on, such as identity discovery, permissions visibility, and entitlement governance, will continue to be fully available in Defender Cloud Security Posture Management (CSPM). This ensures that your cloud security operations will proceed seamlessly without any interruptions.
What is Microsoft Entra Permissions Management?
Microsoft Entra Permissions Management (MEPM) is a Cloud Infrastructure Entitlement Management (CIEM) tool that provides permissions insights for identities in Microsoft Azure, AWS, and Google Cloud Platform (GCP). It helps organizations manage and control user access and entitlements in their cloud infrastructure, ensuring that access rights adhere to the principle of least privilege. It helps you assess assigned permissions against actual usage to highlight unnecessary entitlements, allowing you to significantly reduce identity-based risk and permissions sprawl.
What should I do now?
To ensure a smooth transition, you should:
- Determine if your organization is currently using the standalone MEPM product
- Already deployed: Plan for the transition to Microsoft Defender for Cloud or Delinea.
- Not yet deployed: Don’t deploy, and switch to Microsoft Defender for Cloud or Delinea.
- Contact your SCHNEIDER IT MANAGEMENT representative to discuss the transition and receive migration guidance.
More information
Reassurance, that Defender for Cloud will include the MEPM features: https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/the-future-of-ciem-in-microsoft-defender-for-cloud/4398169.