Microsoft’s transition to Zero Trust
Today’s cloud-based enterprise environments and always-on workforces require access to applications and resources that exist beyond the traditional boundaries of corporate networks, restrictive network firewalls and VPNs. Organizations are moving to modern, more holistic systems of verification to manage enterprise security and to combat threats differently.
Microsoft has adopted a modern approach to security called “Zero Trust,” which is based on the principle: never trust, always verify. This security approach protects our company and our customers by managing and granting access based on the continual verification of identities, devices and services. In this content suite, the Microsoft Digital team shares their strategic approach, best practices, and hands-on learning from our enterprise-wide transition to Zero Trust architecture.
Although transitioning to Zero Trust is a multifaceted journey that can span many years, the architecture powerfully addresses the security challenges that modern enterprises face. Microsoft Digital knew that implementing Zero Trust would result in a notable shift in the way users access the corporate environment at Microsoft, so they created a layered approach to securing both corporate and customer data.
Microsoft Digital’s multistep implementation strategy is centered on strong user identity, device health verification, and secure, least-privilege access to corporate resources and services, all backed by rich data insights that reduce the risk of unauthorized lateral movement across the corporate network.
Through these authentication and verification methods, Microsoft Digital ensures that users are only given access that is explicitly authorized. Learn more about how Microsoft structured a phased approach to our Zero Trust implementation.
Microsoft Security offers guidance about how to optimize your Zero Trust strategy with an optimization model and solutions.
Featured content
Implementing a Zero Trust security model at Microsoft
Lessons learned at Microsoft: Five steps you can take to reduce your ransomware risk
Microsoft’s digital security team answers your Top 10 questions on Zero Trust
Zero Trust – Microsoft Security
Zero Trust solutions at Microsoft
Learning from engineering Zero Trust networking at Microsoft
The majority of security breaches today involve credential theft, and lapses in cyber hygiene amplify the potential for risk to employees and to organizations at large. That’s why one of the primary components of a Zero Trust system is the ability to verify a user’s identity before access is granted to the corporate network.
Microsoft Digital started by implementing multifactor authentication through the modern experience of Azure Authenticator.
This allows Microsoft to grant access to the specific corporate resources explicitly approved for each individual user, in a mobile-friendly environment and across multiple devices. As we continue to move forward, our end goal is to completely eliminate passwords. Learn more about the verifying identity phase of Microsoft’s Zero Trust journey.
Featured content
Verifying identity in a Zero Trust model internally at Microsoft
Implementing strong user authentication with Windows Hello for Business
Microsoft’s CISO series: Eliminating passwords
Preparing your enterprise to eliminate passwords
The end of passwords, go passwordless
Managing user identities and secure access at Microsoft
Because unmanaged devices are an easy entry point for bad actors, ensuring that only healthy devices can access critical applications and data is vital for enterprise security. As a fundamental part of our Zero Trust implementation, Microsoft Digital worked to enroll all user devices in device management systems.
Enabling device health verification in this way is essential to managing the policies that govern access to Microsoft resources.
Microsoft Digital uses either cloud management software like Microsoft Intune or classic on-premises management tools to ensure that every device is classified as healthy before allowing access to major productivity applications like Microsoft Exchange, SharePoint, and Teams. We also secure the millions of IoT devices in use with an integrated security controls strategy that incorporates comprehensive risk assessments and mitigation strategies at the intelligent edge. Learn more about the verifying device health phase of Microsoft’s Zero Trust journey.
Despite the focus on managing and maintaining device health throughout our enterprise environment, some scenarios—like vendor staffing, acquisitions, and guest projects—require users to work from unmanaged devices. With those situations in mind, the Microsoft Digital team defined a plan to minimize the means of access to corporate resources, and to require identity and device health verification for all access methods.
Microsoft Digital transitioned from a corporate network approach to internet-first access methods, with a final goal of internet-only access methods in sight. This strategy reduces user access to the corporate network for most scenarios, and will enable Microsoft Digital’s plan to establish a set of managed virtualized services that make applications and full Windows desktop environments available to users with unmanaged devices. Learn more about the verifying access phase of Microsoft’s Zero Trust journey.
Featured content
Using a Zero Trust strategy to secure Microsoft’s network during remote work
Understanding Microsoft’s approach to Zero Trust Networking with Microsoft Azure
Using shielded virtual machines to help protect high-value assets
Moving to next-generation SIEM at Microsoft with Microsoft Sentinel
Sharing how Microsoft now secures its network with a Zero Trust model