How Microsoft flexes its power
Illustration: Christopher T. Fong/Protocol

How Microsoft flexes its power

Source Code

Good morning! Independent software vendors face tradeoffs when trying to tap into the vast customer bases of the industry’s biggest names. And it’s becoming much trickier to navigate.

Microsoft's enterprise app store power play

Over its 47-year history, Microsoft has long been known for employing subtle business practices to ice out competitors by preferencing its own products and services. Some of those practices have even come under fire for being anticompetitive.

Microsoft's commercial marketplace strategy hasn't received much scrutiny though, Protocol's Aisha Counts and Joe Williams write. That marketplace strategy is exemplified by AppSource and Azure Marketplace, where third-party developers can build and sell applications across Dynamics 365, Microsoft 365, Power Platform, and Azure.

  • For Microsoft, the marketplace is a “necessary mechanism” to get the applications of independent software vendors, known as ISVs, in front of customers, said Anthony Joseph, vice president of Microsoft Cloud Marketplace & ISV Journey.
  • To date, Microsoft’s commercial marketplaces have 15,000 sellers and 90,000 solution-partner sellers across 141 geographies.

The benefits are complicated for independent software vendors. While enterprise app stores enable third-party developers to monetize their products and reach new customers, rigorous listing requirements and mismatched incentives can make the experience tricky.

  • In some instances, Microsoft has used its marketplace to exert its power by pushing independent software vendors to highlight Microsoft’s own software to receive better visibility among end-user customers, while making sure their apps don’t compete too directly with Microsoft’s own wares.

These partnerships solidify Microsoft’s market dominance. As more companies move their operations to infrastructure cloud services, Microsoft and other cloud platforms become the primary distribution channel for third-party companies that build products around those services. And the imbalance of power between the cloud giants and independent software vendors will only grow.

  • At any time, Microsoft or others could shift the sands underneath partners: hiking up prices, removing their apps from the store, developing a competing product, or making it harder to receive benefits.

Read more:How Microsoft uses its enterprise software app store to center its power

Making loans more equitable

The Small Business Administration is considering lifting a decades-old moratorium on who can lend its government-backed loans. It could open up a big opportunity for fintech lenders, Protocol's Ryan Deffenbaugh writes.

Under a proposed rule change, nonbanks (fintechs included) could obtain licenses to lend through the SBA's largest loan program.

  • The $35 billion annual program offers loans of up to $5 million to small businesses, which are backed up to 85% by the federal government.
  • For the most part, these loans have been limited to depository institutions or banks since 1982.

It's good news for people in underserved communities. The loans are designed to help business owners who can’t get other types of financing, but data shows disparities in who receives the loans based on race and income. The changes could help address that.

It’s also good news for fintechs. "The fintech industry is often serving minority-owned, low- to moderate-income, and the smallest of small businesses," said Ryan Metcalf, head of public policy and social impact at Funding Circle.

  • Fintechs have helped diversify small business loans in the past, like helping more businesses access PPP loans.
  • But fintech lending comes with risks. Some of the fintechs responsible for PPP loans were also responsible for a significant share of fraudulent loans.

If the rule change is approved, fintechs will need to weigh whether the compliance costs are worth the benefits. But high demand from both small businesses and investors may just drive them to it.

Read more: More equitable lending could be a big opportunity for fintechs

Protocol Special Report: Securing the Enterprise

There’s no let-up in the surge of cyberattacks against businesses. But shutting down the hackers will require many enterprises to evolve their strategy. Presented by At-Bay.

Read Protocol’s Special Report

3 questions for: ForgeRock CEO Fran Rosch

For those still harboring doubts about the momentum in identity security after reading our special report last week, here's another piece of evidence: ForgeRock announced a deal to get acquired by Thoma Bravo for $2.3 billion, at a 53% share price premium. Protocol's Kyle Alspach spoke with ForgeRock CEO Fran Rosch before the deal was announced, but his answers shed some light on why Thoma Bravo may have thought the deal was a good idea.

When identity is done right, how much can that improve an enterprise's security?

I think substantially. I think the trick is, how do you continue to improve that security without becoming like Fort Knox, where you're so locked down that your users can't do anything? So we're really trying to help our customers do both — improve that security posture, but also make things more user-friendly.

What's an example of how you’re doing that with ForgeRock?

We released a tool several years ago called autonomous identity, or self-driving identity, that can take algorithms [and run them] across a customer's data set. And the anomalies really jump out. It's good for a one-time cleanup of any risky entitlements. But it could also be used if a new employee starts, or an existing employee requests access to a new set of applications or information. If that request makes sense, and it's aligned with [their role], it can give them instant access — no human intervention required.

What does the future look like for identity security?

I think ultimately, users are going to demand better, more frictionless experiences, without compromising on security. I think the ultimate winners in this [space] are ones who can bring more intelligence, by collecting signals behind the scenes of user and device behavior.

Read more:Our special report on securing the enterprise

The biggest news from Microsoft Ignite

After Google Cloud’s Next ‘22 event on Tuesday, it was Microsoft’s turn in the spotlight Wednesday, with the first day of its Ignite event. Here are a few areas from CEO Satya Nadella’s keynote speech that stood out to Protocol's Kyle Alspach and Donna Goodison.

In cybersecurity, Microsoft made a handful of product announcementsincluding across code and cloud security, identity governance, and security operations.

  • Updates announced for the Microsoft Defender for Cloud product include the introduction of Defender for DevOps, which aims to provide improved insights around code security and remediation of vulnerabilities, and Defender Cloud Security Posture Management for prioritizing and addressing cloud security risks such as misconfigurations.
  • Microsoft also announced Entra Identity Governance, which provides visibility and control over user access to corporate resources, as well as automation for ensuring that users receive the right permissions based on their role.

GitHub Copilot is already writing 40% of the code for users of the AI pair programming tool, which turns natural-language prompts into suggested code, according to Nadella.

  • Developers are able to code 50% faster using Copilot, which became generally available to all developers in June, Nadella said.
  • “We are experimenting with new functionality through GitHub Copilot Labs, like explain code, which lets you highlight a block of code and see what it does in plain English, and translate code, which lets you select a language and translate the code into it,” said Nadella.

Read more: For a deeper dive, check out our Enterprise newsletter

People are talking

FTX’s Sam-Bankman Fried said crypto needs a core regulator:

  • “Right now, the regulatory oversight of [stablecoins] is extremely unclear … There are a lot of cooks hovering around the kitchen, but there’s no head chef.”

And Coinbase Institute's Hermine Wong doesn’t think regulators have the time to research and develop expertise in crypto:

  • “You don't have the earmarked money to hire crypto experts to do this crypto work necessarily because the legislative authority doesn't exist.”

MIT Energy Initiative’s Howard Herzog said $100 per ton to pull carbon from the air — which everyone agrees would make carbon capture feasible at scale — is “a fantasy”:

  • “Basic physics and engineering say there are some minimum requirements, and when you look at the most optimistic situation, my estimate for where we might be at is $600 to $1,000 for 2030.”
Twitter staff are disappointed by how the company handled internal communications about the Musk takeover, according to one anonymous senior Twitter employee:
  • “Most people are likely leaving, not just because of Musk — because of the very clear lack of regard for any of us."

Making moves

Vista Equity Partners is buying KnowBe4, a software security company, for $4.6 billion, or $24.90 per share.

Some shuffling around at Red Hat: Carolyn Nash is Red Hat’s new SVP and COO; Robert Leibrock was named SVP and CFO; and Jim Palermo was named VP and CIO. Both Leibrock and Palermo will report to Nash.

Eileen Evans is SunPower’s new chief legal officer. Evans is a former senior attorney at HP.

Alexandru Voica is leaving Meta as head of innovation communications for EMEA. Voica had been with the company for a little over four years.

It's not privacy vs. security anymore

In the last few years, the roles of privacy and security executives — and the budgets they control — have grown significantly as organizations have worked to stymie the growing threat of cyberattacks and navigate the ever-changing landscape of data regulation.

In this event we will explore how the chief privacy and chief information security officer roles will evolve and how each can support the other best when the company needs it most. Join us 11 a.m. PT Oct. 27. RSVP here.

In other news

Saleseforce laid off at least 90 people and has implemented a hiring freeze through January.

U.S. chip suppliers are pulling staff outof China’s leading chip maker, Yangtze Memory Technologies, as they look at the potential impact of the Commerce Department’s chip curbs. Also: Samsung was granted an exemption from the U.S. chip restrictions on China, the WSJ reports.

The FCC intends to ban "all sales of new Huawei and ZTE telecommunications devices in the U.S." over national security concerns, according to Axios.

Roku launched its own smart home devices. It partnered with Wyze Labs to sell items like security cameras, smart plugs, and smart lights.

TikTok plans to build fulfillment centers in the U.S., Axios reported. Job postings on LinkedIn show that it’s looking to create an “international e-commerce fulfillment system.” is setting up shop in Paris. The crypto exchange chose the city as its European regional headquarters and will invest over $145 million in France to support operations there.

ByteDance plans to expand its music streaming business globally, according the WSJ. It's currently available in Brazil, India, and Indonesia.

Microsoft’s version of Canva just came out. It’s called Designer and will be available as part of Office productivity software subscriptions.

Google approved Truth Social for distribution on the Play Store. The app submission was banned in August because of various policy violations, which Truth Social has reportedly fixed.

So long, Office: The Microsoft software suite is being rebranded as 365.

A Steve Jobs interview in 2022?

Want to hear something terrifying? Listen (or don’t) to this interview between a fake, AI version of Joe Rogan and a fake, AI version of Steve Jobs. A voice synthesis company based in Dubai created the episode as part of a fictional podcast series called “”

“Jobs” touches on various topics, including Apple’s competitors and revolutionary products, which the podcast accomplishes by synthesizing large samples of Jobs’s voice from past appearances. And aside from a few choppy bits, it’s hard to believe the interview is actually fake.

A Message from At-Bay

With the amount of our economy now dependent on technology, the lack of government regulation is resulting in major risk to companies, and in the end, our own citizens. In the absence of government action, insurance steps in.

Learn more

Thoughts, questions, tips? Send them to, or our tips line, Enjoy your day, see you tomorrow.

Recent Issues

The best of Protocol

The confessions of SBF

Your holiday book list

A tale of two FTXs