Microsoft already owns a BeyondTrust-like solution gained in the acquisition of Winternals. 99% of the Winternals acquisition went out with MDOP. 1% did not. This product. The real question is, with the ownership of that technology AND the fact that they specifically passed up the Beyondtrust piece... WHY would Microsoft WILLINGLY decide NOT to get into that business. My feeling is that they need to maintain "plausible deny-ability" in security cases. In other words, there is no middle ground: there are Admin users and there are User users. The Winternals and BeyondTrust pieces allow you to dial up or down privilege rights. Microsoft clearly doesn't want to be in that business. So they aren't. (PS: No internal knowledge here.. just a hunch.) -Jeremy Moskowitz, Group Policy MVPI wasn't aware of the fact that the acquisition of Winternals brought a lot of this technology to the table. I'm sure Jeremy or my old friend Darren Mar-Elia can comment on the penetration of Microsoft Desktop Optimization Pack (MDOP). My experience - and it's by no means definitive - was that not many customers were purchasing it. Or, at least not the majority of customers were purchasing it. In either case, I'd love to hear Jeremy's or Darren's comments on the uptake of MDOP.
Now, on to Jeremy’s comment: WHY would Microsoft WILLINGLY decide NOT to get into that business. My feeling is that they need to maintain “plausible deny-ability in security cases.” I believe – and I, too, have no internal knowledge here – that Microsoft simply didn’t know what they had and that there was a breakdown of communication internally. Here’s how I think it went down:
- The acquisition was driven by the Windows Enterprise Management division (WEMD) because that’s who was quoted in the press release
- In 2006, the year of the acquisition, WEMD had no interest in anything outside of Group Policy, Systems Center and Operations Manager. So “securing” administrative accounts was not a Group Policy issue whereas backup and operations of Group Policy was; hence why they kept the Desktop Standard Group Policy management software but jettisoned the security stuff. (Which still makes me wonder because the executive quoted in the press release – Praerit Garg – worked in the Windows security group before moving to WEMD.)
- The Desktop Standard acquisition was never shopped around to other divisions. In other words, WEMD never told the Windows Server or Identity Management team about the acquisition and the BeyondTrust technology. Or, they did tell them but in 2006 they had no idea what the BeyondTrust technology was because they didn’t understand the problem completely.
- When Zoomit was acquired by Microsoft we had an innovative directory-enabled single sign-on product that Microsoft didn’t look at yet threw out. They only were interested in the meta-directory technology. So my personal experience generally is that the acquirer can be short-sighted about some of the assets they end up acquiring. Did this happen with the BeyondTrust technology?
- Or, was the BeyondTrust technology simply not ready for prime time back in 2006?