Connect with us

Hi, what are you looking for?


Endpoint Security

Did Microsoft Just Upend the Enterprise Browser Market?

NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem.

Microsoft AI

NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem.

Without much fanfare last week, Microsoft planted both feet firmly in the enterprise browser space, releasing a product promising a native browsing experience tightly integrated with enterprise-grade security and manageability features.

This strategic play, automatically rolled out to billions of Microsoft customers signing in with Entra ID (formerly Azure Active Directory), is sure to disrupt Silicon Valley’s bustling venture-backed startup ecosystem where hundreds of millions have been wagered on companies in the enterprise browser category.

The new product — called “Microsoft Edge for Business” —  natively separates work and personal browsing into dedicated browser windows with their own favorites, separate caches and storage locations. 

Microsoft is pitching this browser separation as a business feature that blocks work-related content and data from intermingled with personal browsing, preventing end users from accidentally sharing sensitive information. 

“Microsoft Edge for Business is going to be the standard browser experience for organizations,” Redmond boasted.

“With separate caches and storage locations, user information stays separate and personal data can be excluded from enterprise sync, giving users the privacy they want. Meanwhile, IT maintains controls over the security and compliance posture of Microsoft Edge, whether work or personal,” the company added.

The Microsoft move, first announced at the software giant’s Build conference in May, threatens to destabilize the venture-backed startup landscape, where vast sums have been invested on early-stage companies building security-themed browsers for corporate customers.

Advertisement. Scroll to continue reading.

Despite doubts about product category and size of the market, several startups have banked massive funding rounds (some at ‘unicorn’ valuations) to work on enterprise browser products. Competing companies include Talon Cyber Security, a startup that raised $143 million to build a security-centric browser based on Chromium; Island, a Texas company that secured $285 million to work on enterprise browsing software; and Surf, a company selling a zero-trust enterprise browser.

Investors have also poured capital into startups working on browser extensions to secure corporate browsing experiences. Companies in this space include SlashNext, LayerX, Seraphic and Red Access.

The pitch from these startups is that the major browser vendors — Microsoft and Google — do not provide adequate tooling to protect identities and data flowing through web browsers when employees are working from home, some on personal devices. With a separate enterprise browser, IT admins can control access to critical cloud and internal apps, third-party vendor and contractor connections in a familiar interface.

Now, Microsoft has built all those tools directly into its Chromium-based Edge browser, with an updated Edge icon with a briefcase letting employees know they are in the work browser window, and passwords, favorites, and data currently associated with their work profile are maintained. 

Microsoft said limited personal-to-work browser window switching will be enabled by default.  “When users that have both work and personal profiles try to access a work site in the personal browser window, such as Microsoft 365 apps and services, the site will automatically open in the work browser window.”

From an IT perspective, Redmond is making it easy for all policies, settings, and configurations previously set by an organization to be automatically transitioned to Edge for Business, with the IT department maintaining full control over policy and feature management and configuration.

The new product promises natively built-in rich enterprise controls for secure data access and leak prevention powered by Microsoft Entra ID (Azure AD), a lightly managed personal browsing experience (MSA Profile) that lets employees access non-work sites and services without exposing the business to risk, and secure and compliant access to work resources on personal computers with DLP controls. 

The product rollout also has potential implications beyond the browser window as Microsoft cements itself as a cybersecurity giant generating $20 billion a year in security revenue while simultaneously struggling mightily with securing its own Azure and M365 cloud infrastructure.

Just last month, Chinese cyberspies stole a Microsoft security key and hacked into multiple U.S. government email accounts. The embarrassing breach led to widespread criticism of Microsoft’s M365 licensing structure that essentially charges extra for customers to access forensics data during active malware investigations.

Despite the hiccups, Microsoft customers say it is cheaper, easier and sometimes more practical to consolidate its cloud and IT purchases with security tooling from Microsoft. Security experts also noted that Microsoft (and Google) have a major advantage in the ability to find and patch Chrome vulnerabilities faster than third-party companies.

Related: US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’

Related: Microsoft Flexes Security Vendor Muscles With Managed Services

Related: Secure Enterprise Browser Startup Talon Raises $100 Million

Related: Enterprise Browser Startup Island Snags Massive Funding Round

Related: For Microsoft, Security is a Multi-Billion Dollar Business

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma