www.microsoft.com
2a02:26f0:dc:18d::356e  Public Scan

URL: https://www.microsoft.com/en-us/security/business/zero-trust
Submission: On October 05 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

Name: searchFormGET https://www.microsoft.com/en-us/security/site-search

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seautosuggest=""
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c4c1m1r1a1&quot;}" aria-expanded="false"
  style="overflow-x: visible;">
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft Security" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft Security" style="overflow-x: visible;">
  <button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}"
    data-bi-mto="true" aria-expanded="false" style="overflow-x: visible;">
    <span role="presentation" style="overflow-x: visible;">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft Security</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" style="overflow-x: visible;"></ul>
  </div>
</form>

Text Content



EMBRACE PROACTIVE SECURITY WITH ZERO TRUST

Real-world deployments and attacks are shaping the future of Zero Trust. Our
framework, key trends, and maturity model can accelerate your journey.

Get the white paper





UNLOCK 92 PERCENT RETURN ON INVESTMENT

Total Economic Impact™ study conducted by Forrester Consulting and commissioned
by Microsoft reveals cost savings and business benefits enabled by Zero Trust
solutions.

Get the study



WHY ZERO TRUST

Today’s organizations need a new security model that more effectively adapts to
the complexity of the modern environment, embraces the hybrid workplace, and
protects people, devices, apps, and data wherever they’re located.


PRODUCTIVITY EVERYWHERE

Empower your users to work more securely anywhere and anytime, on any device.


CLOUD MIGRATION

Enable digital transformation with intelligent security for today’s complex
environment.


RISK MITIGATION

Close security gaps and minimize risk of lateral movement.

Get the Zero Trust Business Plan



ZERO TRUST PRINCIPLES


VERIFY EXPLICITLY

Always authenticate and authorize based on all available data points, including
user identity, location, device health, service or workload, data
classification, and anomalies.


USE LEAST PRIVILEGED ACCESS

Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based
adaptive policies, and data protection to help secure both data and productivity.


ASSUME BREACH

Minimize blast radius and segment access. Verify end-to-end encryption and use
analytics to get visibility, drive threat detection, and improve defenses.




WHAT’S NEXT IN YOUR ZERO TRUST JOURNEY?

Assess the Zero Trust maturity stage of your organization and receive targeted
milestone guidance, plus a curated list of resources and solutions to move
forward in your comprehensive security posture.

Take the assessment




ZERO TRUST DEFINED

Instead of assuming everything behind the corporate firewall is safe, the Zero
Trust model assumes breach and verifies each request as though it originates
from an open network. Regardless of where the request originates or what
resource it accesses, Zero Trust teaches us to “never trust, always verify.”
Every access request is fully authenticated, authorized, and encrypted before
granting access. Microsegmentation and least privileged access principles are
applied to minimize lateral movement. Rich intelligence and analytics are
utilized to detect and respond to anomalies in real time.




ZERO TRUST DEFENSE AREAS


Get the e-book


IDENTITIES

Verify and secure each identity with strong authentication across your entire
digital estate.

Learn more about identity and access management


ENDPOINTS

Gain visibility into devices accessing the network. Ensure compliance and health
status before granting access.

Learn about Microsoft Endpoint Manager Learn more about Microsoft Defender for
Endpoint


APPS

Discover shadow IT, ensure appropriate in-app permissions, gate access based on
real-time analytics, and monitor and control user actions.

Learn more about cloud security Learn more about threat protection



DATA

Move from perimeter-based data protection to data-driven protection. Use
intelligence to classify and label data. Encrypt and restrict access based on
organizational policies.

Learn more about information protection and governance


INFRASTRUCTURE

Use telemetry to detect attacks and anomalies, automatically block and flag
risky behavior, and employ least privilege access principles.

Learn more about infrastructure security


NETWORK

Ensure devices and users aren’t trusted just because they’re on an internal
network. Encrypt all internal communications, limit access by policy, and employ
microsegmentation and real-time threat detection.

Learn more about network security



DEMOS AND EXPERT INSIGHTS





 * EPISODE 1: ZERO TRUST ESSENTIALS
   
   Learn about Zero Trust, the six areas of defense, and how Microsoft products
   can help in the first episode of Microsoft Mechanics’ Zero Trust Essentials
   series with host Jeremy Chapman.


 * EPISODE 2: IDENTITY CONTROLS
   
   Get tips and watch demos of the tools for implementing the Zero Trust
   security model for identity and access management.


 * EPISODE 3: ENDPOINTS AND APPLICATIONS
   
   Learn more about defending endpoints and apps with Zero Trust, including
   product demonstrations from Microsoft.


 * EPISODE 4: NETWORK AND INFRASTRUCTURE
   
   Jeremy explains how to apply Zero Trust principles to your network and
   infrastructure using Microsoft Azure.


 * EPISODE 5: DATA
   
   Protect data across your files and content - in transit, in use and wherever
   it resides - with the Zero Trust security model.




DISCOVER HOW THESE CUSTOMERS ARE MAKING ZERO TRUST A REALITY





INFORM YOUR STRATEGY AND ADOPTION


ZERO TRUST: A ROADMAP TO DEPLOYMENT

Alex Simons, Corporate Vice President for Identity Security at Microsoft, and
Steve Turner, analyst at Forrester Research, discuss the adoption of Zero Trust
and offer practical advice for organizations to get started.

Learn more


IMPLEMENTING ZERO TRUST AT MICROSOFT

Microsoft has adopted a Zero Trust strategy to secure corporate and customer
data. The implementation centers on strong user identity, device health
verification, validation of app health, and least-privilege access to resources
and services.

Learn more


DEPLOY, INTEGRATE, AND DEVELOP

Take the next steps in your organization’s end-to-end implementation with our
Zero Trust Guidance Center docs for deployment, integration, and app development
best practices.

Get started


COMPARE YOUR PROGRESS

Get the latest research on how and why organizations are adopting Zero Trust to
help inform your strategy, uncover collective progress and prioritizations, and
gain insights on this rapidly evolving space.

Read the report





MORE RESOURCES


ZERO TRUST SECURITY BLOGS

Learn about the latest trends in Zero Trust in cybersecurity from Microsoft.

Read now


CISO BLOG SERIES

Discover successful security strategies and valuable lessons learned from CISOs
and our top experts.

Read now


U.S. EXECUTIVE ORDER

Explore resources for federal agencies to improve national cybersecurity through
cloud adoption and Zero Trust.

Read now


SECURITY PARTNERS

Solution providers and independent software vendors can help bring Zero Trust to
life.

Find a partner



ZERO TRUST SOLUTIONS

Learn about Microsoft solutions that support Zero Trust.
Learn more


A holistic approach to Zero Trust should extend to your entire digital estate –
inclusive of identities, endpoints, network, data, apps, and infrastructure.
Zero Trust architecture serves as a comprehensive end-to-end strategy and
requires integration across the elements.

The foundation of Zero Trust security is Identities. Both human and non-human
identities need strong authorization, connecting from either personal or
corporate Endpoints with a compliant device, together requesting access based on
strong policies grounded in Zero Trust principles of explicit verification,
least privilege access, and assumed breach.

Acting as unified policy enforcement, the Zero Trust Policy intercepts the
request, explicitly verifies signals from all 6 foundational elements based on
policy configuration, and enforces least privileged access. Signals include the
role of the user, location, device compliance, data sensitivity, application
sensitivity, and much more. In addition to telemetry and state information, the
risk assessment from threat protection feeds into the policy engine to
automatically respond to threats in real time. Policy is enforced at the time of
access and continuously evaluated throughout the session.

This policy is further enhanced by Policy Optimization. Governance and
Compliance are critical to a strong Zero Trust implementation. Security Posture
Assessment and Productivity Optimization are necessary to measure the telemetry
throughout the services and systems.

The telemetry and analytics feed into the Threat Protection system. Large
amounts of telemetry and analytics enriched by threat intelligence generate
high-quality risk assessments that can either be manually investigated or automated.
Attacks happen at cloud speed – your defense systems must act at cloud speed and
humans just can’t react quickly enough or sift through all the risks. The risk
assessment feeds into the policy engine for real-time automated threat
protection, and additional manual investigation if needed.

Traffic filtering and segmentation are applied to the evaluation and enforcement
from the Zero Trust policy before access is granted to any public or private
Network. Data classification, labeling, and encryption should be applied to
emails, documents, and structured data. Access to Apps should be adaptive,
whether SaaS or on-premises. Runtime control is applied to Infrastructure, with
serverless, containers, IaaS, PaaS, and internal sites, with just-in-time (JIT)
and Version Controls actively engaged.

Finally, telemetry, analytics, and assessment from the Network, Data, Apps, and
Infrastructure are fed back into the Policy Optimization and Threat Protection
systems.
