Microsoft 365 Zero Trust

The Microsoft 365 Zero Trust model works on the principle of "never trust, always verify." Zero Trust verifies each request as though it originated from an uncontrolled network, regardless of where the request originates or what resource it accesses.

Zero Trust principles

There are three Zero Trust principles:

  • Verify explicitly
  • Use least privileged access
  • Assume breach

Verify explicitly

Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

Use least privileged access

Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.

Assume breach

Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

In other words, we can understand Zero Trust as: "Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to 'never trust, always verify.' Every access request is fully authenticated, authorized, and encrypted before granting access. Microsegmentation and least privileged access principles are applied to minimize lateral movement. Rich intelligence and analytics are utilized to detect and respond to anomalies in real time."
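To make the three principles concrete, here is a small access-decision engine that applies them to a single request. It is an added illustration written for this page, not Microsoft code and not the Microsoft 365 (Conditional Access) policy engine. The signal names (`authenticated`, `mfa_satisfied`, `device_compliant`, `location_trusted`, `risk_level`), the sensitivity levels, the grant-window lengths and the sample requests are all constructed assumptions chosen to show the principles, not real product identifiers or thresholds. Verify explicitly shows up as a check of every signal (a trusted network location never substitutes for authentication), least privilege as a grant scoped to one resource that expires (JIT/JEA), and assume breach as default deny plus an audit trail that the analytics helper reads.

```python
"""Toy Zero Trust access-decision engine.

Added illustration, not Microsoft code and not the Microsoft 365 policy
engine. One request is evaluated against the three principles: verify
explicitly (every signal is checked, network location alone grants nothing),
least privilege (the grant is scoped to the requested resource and expires,
i.e. JIT/JEA) and assume breach (default deny, every decision is recorded).
Signal names, thresholds and sample values are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

_RISK = {"low": 0, "medium": 1, "high": 2}             # sign-in risk (constructed)
_SENSITIVITY = {"low": 0, "medium": 1, "high": 2}      # data classification (constructed)
_BASE_WINDOW_HOURS = {"low": 8, "medium": 2, "high": 1}  # JIT grant length by sensitivity


@dataclass
class AccessRequest:
    user: str
    resource: str           # constructed label, e.g. "sharepoint:finance"
    sensitivity: str        # data classification: low | medium | high
    authenticated: bool     # identity proven
    mfa_satisfied: bool     # strong authentication completed
    device_compliant: bool  # endpoint health/compliance signal
    location_trusted: bool  # request came from a known corporate location
    risk_level: str         # sign-in risk: low | medium | high


@dataclass
class Decision:
    allowed: bool
    reason: str
    scope: Optional[str] = None            # the single resource granted (JEA)
    expires_at: Optional[datetime] = None  # when the grant lapses (JIT)


def evaluate(req: AccessRequest, now: datetime, audit: list) -> Decision:
    """Default-deny evaluation of one request; appends a record to `audit`."""

    def decide(allowed: bool, reason: str) -> Decision:
        decision = Decision(allowed=allowed, reason=reason)
        if allowed:
            # Least privilege: only the requested resource, for a bounded
            # window that is halved when any signal is less than ideal.
            hours = _BASE_WINDOW_HOURS[req.sensitivity]
            if not req.location_trusted or _RISK[req.risk_level] > 0:
                hours /= 2
            decision.scope = req.resource
            decision.expires_at = now + timedelta(hours=hours)
        # Assume breach: record allow and deny alike so analytics can spot
        # anomalies such as repeated denials for one user or resource.
        audit.append({"ts": now.isoformat(), "user": req.user,
                      "resource": req.resource, "allowed": allowed,
                      "reason": reason})
        return decision

    # Verify explicitly: identity is checked first, and a trusted network
    # location is never a substitute for authentication.
    if not req.authenticated:
        return decide(False, "unauthenticated")
    if req.risk_level == "high":
        return decide(False, "high sign-in risk")
    if not req.mfa_satisfied:
        return decide(False, "strong authentication required")
    # Endpoint health gates anything above low-sensitivity data.
    if _SENSITIVITY[req.sensitivity] >= 1 and not req.device_compliant:
        return decide(False, "device not compliant")
    # Elevated risk is tolerated only for data that is not highly sensitive.
    if req.risk_level == "medium" and req.sensitivity == "high":
        return decide(False, "risk too high for this data classification")
    return decide(True, "all signals satisfied")


def denials_per_user(audit: list) -> dict:
    """Simple analytics over the audit trail: count denials by user."""
    counts: dict = {}
    for record in audit:
        if not record["allowed"]:
            counts[record["user"]] = counts.get(record["user"], 0) + 1
    return counts


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    audit: list = []
    # On the corporate network but never authenticated: still denied.
    on_network = AccessRequest("alice", "sharepoint:finance", "high", False,
                               False, True, True, "low")
    print(evaluate(on_network, now, audit))
    # Fully verified request from an untrusted location: allowed for 1 hour.
    remote = AccessRequest("alice", "sharepoint:finance", "medium", True,
                           True, True, False, "low")
    print(evaluate(remote, now, audit))
    print(denials_per_user(audit))
```

The ordering of the checks is the point: the network-location signal only shortens the grant window, it never bypasses authentication, device health or risk, and the deny path writes the same audit record as the allow path so that the "assume breach" analytics see both.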

Where Microsoft 365 Zero Trust Works:

Identities

Verify and secure each identity with strong authentication across your entire digital estate.

Endpoints

Gain visibility into devices accessing the network. Ensure compliance and health status before granting access.

Apps

Discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, and monitor and control user actions.

Data

Move from perimeter-based data protection to data-driven protection. Use intelligence to classify and label data. Encrypt and restrict access based on organizational policies.

Infrastructure

Use telemetry to detect attacks and anomalies, automatically block and flag risky behavior, and employ least privilege access principles.

Network

Ensure devices and users aren’t trusted just because they’re on an internal network. Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection.