Exclusive Google says the European Union's antitrust authorities have asked if Microsoft unfairly ties authentication to Azure, in a further sign that officials are considering multiple aspects of Redmond's policies.

Specifically, the team probing the complaints against Microsoft are trying to understand if customers must use Entra ID - a cloud-based identity and access management solution formerly branded Azure AD - to access Microsoft services or if they can also use rivals' tech.

That specific question from the EU has landed on Google's desk, Amit Zavery, Vice President of the cloud platform, told The Register. He said Microsoft has baked complexity and "layers" into its licensing.

"It's an art and science they created for many years as it takes a lot of unraveling," he said.

"What happens a lot of times with Entra is that you pull in a lot of things from Azure, even though it's not necessarily required technically, or you have to force a third party or other vendor to have to use those pieces from Microsoft, before we can get access to Windows, or we can get access to Office 365."

He claimed Microsoft can remove interfaces or APIs or "make changes without giving any ability for other vendors to keep up." Zavery added: "All those things really create the barriers. It might look innocuous initially but if you add all these things up."

Sysadmins we spoke to have only ever used Entra ID to access Microsoft 365 resources. "I've never known anybody to use Samba or a different directory to log in," said one. "As soon as you create a 365 tenancy, it also creates an Entra ID as your ID, they are intrinsically linked."

It might be, at the risk of annoying a portion of The Reg readership, that rivals are victims of Microsoft's success. Third parties certainly sell their own ID and authentication services into Microsoft estates.

Okta, for example, boasts "seamless integration with Microsoft technologies and beyond." It says it can provide access to "any" of Microsoft's "newer online services beyond Office 365," and by using Okta, customers can join devices, use Windows Hello facial recognition, and get "secure access to non-SSO applications using the Okta Windows Edge browser plug-in."

The number of customers Okta claims to have, though, is just a drop in the digital authentication ocean - "900 Enterprises and thousands of users." The service is also applicable to non-Microsoft applications.

Zavery conceded techies can get around this but pointed out that small businesses or startups might not have deeper technical resources on hand and larger customers might not want to introduce risk or doubts.

We asked the European Commission for comment about the specific probe and a spokesperson sent us a standard statement: "The Commission has received several complaints regarding Microsoft, including in relation to its product Azure, which we are assessing based on our standard procedures. In general, the Commission has a number of investigative powers at its disposal, including the sending of requests for information."

In a statement sent to The Register, a spokesperson for Microsoft told us: "Like other cloud SaaS services, Microsoft has built-in identity capabilities which ensure our customers can securely access our cloud services.

"We also provide open APIs, enabling seamless integration with third-party identity services like Ping and Okta as well as with security providers to allow our customers to choose the solution that best fits their needs."

Antitrust teams in Europe, the US, and the UK are all inspecting claims from rivals including AWS that Microsoft's licensing policies are anti-competitive and designed to lock in customers. The Entra ID questions being sent by the EU is but one strand of the overall investigation.

Answers are also being sought as to why Microsoft charges more to license software that runs in a rival's cloud, and why AWS, Google, and Alibaba are classified as listed providers, which means their customers are actually prohibited from running certain Microsoft software on their own cloud infrastructure.

Microsoft made concessions for smaller cloud providers in October 2022, and reached a confidential settlement with OVHcloud, Aruba S.p.A., and DCC in Europe after the trio filed a joint complaint with EU about Microsoft licensing. The contents of that agreement will not be made public.

Similarly, the Cloud Infrastructure Service Provider for Europe (CISPE) lobby group - which is backed by AWS - is currently negotiating with Microsoft to reach their own settlement. It had refused an earlier offer, branding it as "paltry."

The UK's Competition and Markets Authority is scrutinizing the health of the local cloud market, and in its submission to the CMA, AWS accused Microsoft of restricting choice and making it "financially unviable" for customers to choose anyone other than Microsoft. Which is perhaps a bit rich given the sprawling size of Amazon's revenue base.

The CMA is considering egress fees - or was until Google then AWS and finally Microsoft made moves to address any concerns by ditching them - as well as discounted pricing, interoperability, and software licensing.

In the US, the Federal Trade Commission is also monitoring proceedings, and Microsoft was accused by Google of running a cloud monopoly, something that the other business areas of Google know only too well. ®

https://www.theregister.com//2024/03/22/eu_antitrust_microsoft_entra_id/