NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem.
Without much fanfare last week, Microsoft planted both feet firmly in the enterprise browser space, releasing a product promising a native browsing experience tightly integrated with enterprise-grade security and manageability features.
This strategic play, automatically rolled out to billions of Microsoft customers signing in with Entra ID (formerly Azure Active Directory), is sure to disrupt Silicon Valley’s bustling venture-backed startup ecosystem where hundreds of millions have been wagered on companies in the enterprise browser category.
The new product — called “Microsoft Edge for Business” — natively separates work and personal browsing into dedicated browser windows with their own favorites, separate caches and storage locations.
Microsoft is pitching this browser separation as a business feature that blocks work-related content and data from intermingled with personal browsing, preventing end users from accidentally sharing sensitive information.
“Microsoft Edge for Business is going to be the standard browser experience for organizations,” Redmond boasted.
“With separate caches and storage locations, user information stays separate and personal data can be excluded from enterprise sync, giving users the privacy they want. Meanwhile, IT maintains controls over the security and compliance posture of Microsoft Edge, whether work or personal,” the company added.
The Microsoft move, first announced at the software giant’s Build conference in May, threatens to destabilize the venture-backed startup landscape, where vast sums have been invested on early-stage companies building security-themed browsers for corporate customers.
Despite doubts about product category and size of the market, several startups have banked massive funding rounds (some at ‘unicorn’ valuations) to work on enterprise browser products. Competing companies include Talon Cyber Security, a startup that raised $143 million to build a security-centric browser based on Chromium; Island, a Texas company that secured $285 million to work on enterprise browsing software; and Surf, a company selling a zero-trust enterprise browser.
Investors have also poured capital into startups working on browser extensions to secure corporate browsing experiences. Companies in this space include SlashNext, LayerX, Seraphic and Red Access.
The pitch from these startups is that the major browser vendors — Microsoft and Google — do not provide adequate tooling to protect identities and data flowing through web browsers when employees are working from home, some on personal devices. With a separate enterprise browser, IT admins can control access to critical cloud and internal apps, third-party vendor and contractor connections in a familiar interface.
Now, Microsoft has built all those tools directly into its Chromium-based Edge browser, with an updated Edge icon with a briefcase letting employees know they are in the work browser window, and passwords, favorites, and data currently associated with their work profile are maintained.
Microsoft said limited personal-to-work browser window switching will be enabled by default. “When users that have both work and personal profiles try to access a work site in the personal browser window, such as Microsoft 365 apps and services, the site will automatically open in the work browser window.”
From an IT perspective, Redmond is making it easy for all policies, settings, and configurations previously set by an organization to be automatically transitioned to Edge for Business, with the IT department maintaining full control over policy and feature management and configuration.
The new product promises natively built-in rich enterprise controls for secure data access and leak prevention powered by Microsoft Entra ID (Azure AD), a lightly managed personal browsing experience (MSA Profile) that lets employees access non-work sites and services without exposing the business to risk, and secure and compliant access to work resources on personal computers with DLP controls.
The product rollout also has potential implications beyond the browser window as Microsoft cements itself as a cybersecurity giant generating $20 billion a year in security revenue while simultaneously struggling mightily with securing its own Azure and M365 cloud infrastructure.
Just last month, Chinese cyberspies stole a Microsoft security key and hacked into multiple U.S. government email accounts. The embarrassing breach led to widespread criticism of Microsoft’s M365 licensing structure that essentially charges extra for customers to access forensics data during active malware investigations.
Despite the hiccups, Microsoft customers say it is cheaper, easier and sometimes more practical to consolidate its cloud and IT purchases with security tooling from Microsoft. Security experts also noted that Microsoft (and Google) have a major advantage in the ability to find and patch Chrome vulnerabilities faster than third-party companies.