Zero Trust – Trust No One

Learn About Azure AD Trust

As the name suggests, the Zero Trust model can be summed up simply as “Never Trust. Always Verify.”

Zero Trust helps secure corporate resources by eliminating unknown or unmanaged devices. In these uncertain times, as a business, you want to make sure all corporate resources are being accessed securely.

What do you need to do to implement a Zero Trust model in your business? With Azure AD at the heart of your Zero Trust strategy, follow the three principles below to achieve a Zero Trust model.

1 - VERIFY EXPLICITLY

  • Provide Azure AD with a rich set of credentials and controls, which can be used to verify the user at all times:

    • Roll out MFA 
    • Enable Azure AD Hybrid Join or Azure AD Join 
    • Enable Intune for mobile device management 
    • Start rolling out passwordless credentials  

    Verifying explicitly means enabling strong authentication and approving access across all available data points, such as identity, device health, location, services and data classifications. 

2 - LEAST PRIVILEGE

Limit user access with Just-In-Time (JIT) or Just-Enough-Access (JEA), meaning access is granted only when a user needs it and only for as long as they need it:

  • Plan your Conditional Access deployment 
  • Secure access using Privileged Identity Management (PIM)
  • Restrict user consent to applications to ensure no unnecessary exposure of corporate data to apps 
  • Manage entitlements – requires Azure AD Premium P2 licenses

3 - ASSUME BREACH

Reduce lateral movement by segmenting access by network, user, devices and apps. Use analytics to drive more insights and gain visibility across all threats to improve your overall protection:

  • Deploy Azure AD Password Protection 
  • Block legacy authentication 
  • Enable identity protection – requires Azure AD Premium P2 
  • Enable restricted sessions 
  • Enable Conditional Access integration with Microsoft Cloud App Security (MCAS) 
  • Integrate MCAS with identity protection 
  • Integrate Azure Advanced Threat Protection (ATP) with MCAS 
  • Enable Microsoft Defender ATP (MDATP) 
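
As an added example (not part of the original article, and not Microsoft or Insentra tooling), the script below checks two of the checklist items above, "Roll out MFA" and "Block legacy authentication", against Conditional Access policies exported as JSON. It assumes the export has the shape Microsoft Graph returns for Conditional Access policies; the sample policies and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph's
# /identity/conditionalAccess/policies response; names and values are made up.
SAMPLE = json.loads("""[
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block legacy authentication",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["exchangeActiveSync", "other"]},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]""")

LEGACY = {"exchangeActiveSync", "other"}  # Graph's legacy-auth client app types


def covers_everyone(policy):
    """True if the policy targets all users and all cloud apps."""
    cond = policy["conditions"]
    return ("All" in cond.get("users", {}).get("includeUsers", [])
            and "All" in cond.get("applications", {}).get("includeApplications", []))


def enforces(policy, control):
    """True if `control` always applies: it is the only control, or operator is AND."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    return control in controls and (len(controls) == 1 or grant.get("operator") == "AND")


def audit(policies):
    """Check tenant-wide MFA and legacy-auth blocking; list report-only policies."""
    live = [p for p in policies if p["state"] == "enabled" and covers_everyone(p)]
    blocked = set()
    for p in live:
        if enforces(p, "block"):
            blocked |= LEGACY & set(p["conditions"].get("clientAppTypes", []))
    return {
        "mfa_enforced": any(enforces(p, "mfa") for p in live),
        "legacy_auth_blocked": blocked == LEGACY,
        "report_only": [p["displayName"] for p in policies
                        if p["state"] == "enabledForReportingButNotEnforced"],
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

On the sample, the legacy authentication policy is flagged because it is still in report-only mode, so it logs matches without blocking anything. A policy that grants access on "MFA or compliant device" is likewise not counted as enforcing MFA.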

Why Insentra and Microsoft?

You are receiving this email because you are entitled to receive Microsoft’s FastTrack benefits delivered by the Insentra team. Insentra’s qualified consultants can work closely with your technical teams, project sponsors and stakeholders to help drive workload adoption and gain the most value out of your Office 365/Microsoft 365 subscription.

If you would like more information on anything you’ve read here, please download our FastTrack Brochure, or get in contact with our Senior Consultant – Hambik Matvosian.