Microsoft 365 Zero Trust Security

Are you ready to have a security strategy in place that’s aligned with the modern, hybrid work environment? Embrace proactive security with Zero Trust.


What is Zero Trust?

Instead of assuming everything behind the corporate firewall is safe, the Zero Trust security model assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to ‘never trust, always verify’. Every access request is fully authenticated, authorised and encrypted before granting access.


Why Zero Trust?

Businesses today need a security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps and data wherever they are located. A Zero Trust strategy does not promise that a breach will never happen; it assumes one will, and limits what an attacker can reach when it does, while still allowing hybrid working.


Zero Trust Principles

Verify explicitly: Always authenticate and authorise based on all available data points, including user identity, location, workload, data classification and anomalies.

Use least privileged access: Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.

Assume breach: Minimise the blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defences.


Below is a breakdown of the Microsoft technologies available to help you implement a Zero Trust security strategy…

Identities:

Identities, representing people, services or IoT devices, are the common denominator across network, endpoint and applications. In a Zero Trust strategy, identities function as a powerful and flexible way to control access to data. Microsoft suggests that before an identity attempts to access a resource, you should:

  • Verify the identity with strong authentication
  • Ensure access is compliant and typical for that identity
  • Follow least privilege access principles

There are a few tools available from Microsoft to help ensure you’re following these guidelines:

  • Azure Active Directory (now Microsoft Entra ID)
  • Multi-Factor Authentication (MFA)
  • Conditional Access
  • Privileged Identity Management (PIM)


Devices:

With the sharp rise of remote and hybrid working over the past two years, devices are now one of the biggest security risks to many organisations, with employees using their personal devices. A Zero Trust strategy applies the same security policies across all devices, whether corporate-owned or personal under Bring Your Own Device (BYOD): a device’s health and compliance are checked before it is allowed to reach company data, not assumed from where it connects.

Microsoft Endpoint Manager (the brand now used is Microsoft Intune) provides the tools to manage and monitor mobile devices, desktops, virtual machines, embedded devices and servers, allowing you to keep your data secure across all of these devices, whether they are in the cloud or on-premises. Endpoint Manager combines Microsoft services such as Intune, Configuration Manager, Desktop Analytics and more, and its device compliance state is what Conditional Access evaluates when deciding whether to grant access.
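The identity and device controls described in the two sections above, as an added example that is not code from the original page or from Microsoft’s own documentation: two Conditional Access policies created with the Microsoft Graph PowerShell SDK. The first requires both MFA and a compliant (Intune-managed) device for every user and every cloud app; the second blocks legacy authentication clients, which cannot satisfy MFA. Both start in report-only mode so sign-in logs can be reviewed before enforcement. The module, the policy names and the break-glass account placeholder are assumptions for the example; replace the placeholder with the object ID of your own emergency-access account before running it.

```powershell
# Added example, not from the original page. Assumes the Microsoft.Graph PowerShell
# SDK is installed (Install-Module Microsoft.Graph) and the signed-in account can
# manage Conditional Access.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# Placeholder (assumption): object ID of the emergency-access account that must never
# be locked out by these policies. Replace before running.
$BreakGlassUserId = "<object-id-of-break-glass-account>"

# Policy 1: verify explicitly. Every user, every app, requires MFA AND a compliant device.
$requireMfaAndCompliantDevice = @{
    displayName = "ZT01 - Require MFA and compliant device for all users"
    # Report-only: evaluated and logged, but not enforced, until the impact is reviewed.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($BreakGlassUserId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"                       # both controls must be satisfied
        builtInControls = @("mfa", "compliantDevice")
    }
}

# Policy 2: assume breach. Legacy protocols (Exchange ActiveSync basic auth, POP/IMAP/SMTP
# "other clients") bypass MFA entirely, so they are blocked outright.
$blockLegacyAuth = @{
    displayName = "ZT02 - Block legacy authentication"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($BreakGlassUserId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

foreach ($policy in @($requireMfaAndCompliantDevice, $blockLegacyAuth)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Output ("Created policy '{0}' (id {1}) in state {2}" -f $created.DisplayName, $created.Id, $created.State)
}
```

After a week or two in report-only mode, check the sign-in logs for users or service accounts the policies would have blocked, fix those (enrol the device, move the workload off basic auth), and only then set `state` to `enabled` with `Update-MgIdentityConditionalAccessPolicy`. Standing admin rights belong in Privileged Identity Management as eligible, time-bound assignments rather than in these policies, which govern how an identity signs in, not what it is permanently entitled to.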


Applications:

As more businesses adopt a Hybrid Working approach, critical business applications are moving into the cloud so employees can access them whether they’re at home or in the office. To get the full benefit of cloud applications and services, you must be able to provide access whilst maintaining control to protect critical data accessed via applications and APIs. Now that your employees can access your resources and apps from outside your corporate network, it’s no longer enough to have rules and policies on your firewalls. You should instead start focusing on identifying app usage patterns, assessing risk levels and business readiness of apps, preventing data leaks to non-compliant apps, and limiting access to regulated data.

Microsoft suggests enabling Cloud Discovery in Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) and integrating it with Defender for Endpoint, so that you can collect cloud-app traffic data from Windows 10 devices whether they are on or off your network. You can then create policies that detect, and alert you to, risky behaviour or suspicious activity in your cloud environment, and sanction or block the apps users are actually reaching for.


Data:

Data is one of your most valuable assets, and you must protect it at all costs. This is why it’s time you moved from perimeter-based data protection to data-driven protection. To help you implement effective information protection, we recommend you follow the below process, leveraging certain Microsoft technologies:

  • Know your data – Understand your data landscape and identify important information across your cloud and on-premises environments.
  • Protect your data – Protect your sensitive data throughout its lifecycle by applying Microsoft sensitivity labels linked to protection actions such as encryption, access restrictions and visual markings. The following tools help protect your data: sensitivity labels, Azure Information Protection, Cloud App Security (now Defender for Cloud Apps), Double Key Encryption, Office 365 Message Encryption (OME) and SharePoint Information Rights Management (IRM).
  • Prevent data loss – Apply a consistent set of data loss prevention policies across the cloud, on-premises environments and endpoints to monitor, prevent and remediate risky activity involving sensitive data. The following Microsoft technologies help prevent data loss within your organisation: Data Loss Prevention policies, Endpoint Data Loss Prevention and the Microsoft Compliance Extension for Chrome.
  • Govern your data – Manage the information lifecycle and records intelligently with in-place management, automated policies, defensible disposal and pre-built data connectors.
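The “prevent data loss” step above, as an added example that is not from the original page or from Microsoft’s documentation: a DLP policy and rule created with Security & Compliance PowerShell. The policy covers Exchange, SharePoint, OneDrive and Teams and starts in test mode (users see policy tips, nothing is blocked); the rule blocks content containing a credit card number when it is shared outside the organisation. The policy and rule names are assumptions for the example.

```powershell
# Added example, not from the original page. Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account holds a compliance admin role.
Connect-IPPSSession

# Policy scope: all mailboxes, sites, OneDrive accounts and Teams chats/channels.
# TestWithNotifications = monitor and show policy tips, do not block yet.
New-DlpCompliancePolicy -Name "ZT-DLP-Financial" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -TeamsLocation All `
    -Mode TestWithNotifications `
    -Comment "Zero Trust data protection: stop credit card numbers leaving the tenant"

# Rule: one or more credit card numbers shared with people outside the organisation
# is blocked, the content owner is notified, and an incident report goes to the site admin.
New-DlpComplianceRule -Name "ZT-DLP-Financial-External" `
    -Policy "ZT-DLP-Financial" `
    -ContentContainsSensitiveInformation @(@{ Name = "Credit Card Number"; minCount = "1" }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin

# Review the matches in the DLP reports; once false positives are handled, enforce:
# Set-DlpCompliancePolicy -Identity "ZT-DLP-Financial" -Mode Enable
```

Keep the first rule narrow (external sharing only, a built-in sensitive information type) and widen it after reviewing what it matches; a DLP rule that blocks internal collaboration on day one is the fastest way to have it switched off.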


Infrastructure:

Your infrastructure, whether on-premises servers or cloud-based VMs, can expose you to threats. It is therefore important to assess it for version, configuration and just-in-time access to strengthen your defences. Detect attacks on your infrastructure and automatically block risky behaviour before it turns into an incident.

Microsoft suggests setting a tenant baseline, which defines how your infrastructure is meant to be configured and running. Azure Arc extends Azure management to servers and VMs that live outside Azure, such as on-premises or in other clouds, so you can manage them alongside your Azure resources in one place. Through Azure Arc you can apply your security baselines from Azure Policy, your Azure Security Center (now Microsoft Defender for Cloud) policies and Secure Score evaluations, and log and monitor all your resources centrally.


Network:

As people work from home on a variety of devices, there is no longer a single contained, well-defined network to secure. Instead, there is a vast portfolio of devices and networks, all linked by the cloud. It is important to verify each request as if it originated from an uncontrolled network, and to segment what remains so that a compromised host cannot reach everything. Several Microsoft tools are available to support you in protecting your network, such as Azure Web Application Firewall (WAF), Azure Firewall, Azure Front Door, Azure VPN Gateway and Azure Bastion.


We’re here to help!

As one of Microsoft’s partners, we understand that enabling these technologies isn’t always as easy as it seems. For support in creating a Zero Trust Security strategy that works for your business, please get in touch today!

Contact Us

We would love to hear from you! Get in touch today to discuss how we can support your business.