Reach the optimal state in your Zero Trust journey

Photograph of a person holding a laptop and wearing an earpiece, standing by floor-to-ceiling glass windows overlooking a city below.

Why Zero Trust

Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, apps, and data wherever they’re located.

Mobile access

Empower your users to work more securely anywhere and anytime, on any device.

Cloud migration

Enable digital transformation with intelligent security for today’s complex environment.

Risk mitigation

Close security gaps and minimize risk of lateral movement.

Zero Trust principles

Verify explicitly

Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

Use least privileged access

Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity.

Assume breach

Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and app awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection and improve defenses.

Zero Trust defined

Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before granting access. Microsegmentation and least privileged access principles are applied to minimize lateral movement. Rich intelligence and analytics are utilized to detect and respond to anomalies in real time.

Infographic illustrating the Zero Trust reference architecture

Zero Trust components

Photograph of a person wearing glasses, sitting at a desk and looking at a laptop screen

Identities

Verify and secure each identity with strong authentication across your entire digital estate.

Photograph of a person standing in a modern kitchen holding a coffee mug and looking at a smartphone screen.

Devices

Gain visibility into devices accessing the network. Ensure compliance and health status before granting access.

Photograph of a person’s hands working on a laptop that shows a calendar on the screen.

Applications

Discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, and monitor and control user actions.

Photograph of the top half of two desktop monitors displaying code

Data

Move from perimeter-based data protection to data-driven protection. Use intelligence to classify and label data. Encrypt and restrict access based on organizational policies.

Two people looking at a large desktop monitor and having a discussion.

Infrastructure

Use telemetry to detect attacks and anomalies, automatically block and flag risky behavior, and employ least privilege access principles.

Photograph of a person standing in a glass-enclosed office in front of a desk, holding an open laptop

Network

Ensure devices and users aren’t trusted just because they’re on an internal network. Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection.

Zero Trust solutions

Learn about Microsoft solutions that support Zero Trust.

Learn more

Read Zero Trust e-book

More about Zero Trust

58% believe network perimeters are vulnerable

In a Zero Trust model, users and devices, both inside and outside the corporate network, are deemed untrustworthy. Access is granted based on a dynamic evaluation of the risk associated with each request. Learn more about enabling Zero Trust security.

Read now

Implementing Zero Trust at Microsoft

Microsoft deployed Zero Trust to secure corporate and customer data. The implementation centered on strong user identity, device health verification, validation of application health, and secure, least-privilege access to corporate resources and services.

Read now

Blogs

Zero Trust IAM part 1

Learn more and enable a Zero Trust model with strong identity and access management.

Read now

CISO blog series

Discover successful security strategies and valuable lessons learned from CISOs and our top experts.

Read now

Have you assessed your Zero Trust readiness?

Microsoft’s Zero Trust interpretation and maturity model for assessment.

Read now