Explore the Zero Trust implementation guide
The National Institute of Standards and Technology and Microsoft collaborated on the industry-standard Zero Trust guide.
Safeguard your people, devices, apps, and data
A Zero Trust strategy empowers you to navigate modern security challenges with confidence.
- Reduce security vulnerabilities with expanded visibility across your digital environment, risk-based access controls, and automated policies.
- With decades of enterprise experience and a vast set of offerings to help you secure your most critical assets and ensure compliance across your organization, Microsoft is here to help.
- Building for the future is less intimidating when you can use and manage AI with confidence.
- Continue your Zero Trust journey with Microsoft, a trusted partner and recognized leader.
Zero Trust that extends to your entire digital estate
Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Every access request is fully authenticated, authorized, and encrypted before granting access.
Demos and expert insights
Learn how to implement Zero Trust principles and policies at your organization from the Microsoft Mechanics Zero Trust Essentials video series.
Zero Trust defense areas
Explore how Microsoft applies Zero Trust policies across eight key defense areas.
Identities
Verify and secure each identity with strong authentication across your entire digital estate using Microsoft Entra.
Endpoints
Gain visibility into devices accessing the network and ensure compliance and health status before granting access using Microsoft Intune.
Apps
Discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, and monitor and control user actions with AI-powered, unified SecOps.
Data
Move from perimeter-based data protection to data-driven protection, use intelligence to classify data, and encrypt and restrict access with information protection and governance.
Infrastructure
Use telemetry to detect attacks and anomalies, automatically block and flag risky behavior, and employ least-privilege access principles with comprehensive cloud security.
Network
Ensure that devices and users aren’t trusted just because they’re on an internal network. Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection with Azure networking and network security services.
AI cybersecurity
Embrace the game-changing technology of generative AI for cybersecurity to transform the way you work—and how you protect your organization.
Secure and govern AI
Establish a robust security foundation with Zero Trust so you can embrace the age of AI with confidence.
Zero Trust and AI for end-to-end security
Explore how Zero Trust and AI help you build resilience and foster innovation at your organization.
What analysts are saying
Learn why Microsoft was recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.
Customer success stories
Explore how customers achieve Zero Trust with Microsoft solutions.
Zero Trust resources
Explore the latest Zero Trust news, resources, and reports.
FAQ
- Zero Trust is a modern security strategy based on the principle never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network.
- The three main pillars of Zero Trust are:
  - Verify explicitly: always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
  - Use least-privilege access: limit user access with just-in-time and just-enough-access, risk-based adaptive policies, and data protection to help secure data and improve productivity.
  - Assume breach: verify end-to-end encryption and use analytics to gain visibility, detect threats, and improve defenses.
- Organizations need Zero Trust solutions because security has become more complex. As increasing numbers of employees work remotely, it’s no longer sufficient to just protect the network perimeter. Organizations need adaptive solutions that fully authenticate and verify every access request and quickly detect and respond to threats both inside and outside the network.
- Zero Trust helps solve the problem of greater complexity. Today’s organizations need to protect a growing volume of data across a multiplatform, multicloud environment. Risks to that data have increased as more companies turn to hybrid work and attacks become more sophisticated. Zero Trust helps simplify security with a strategy, processes, and automated tools that verify every transaction, enforce least-privilege access, and apply advanced detection and response to threats.
- A Zero Trust network fully authenticates, authorizes, and encrypts every access request, applies microsegmentation and least-privilege access principles to minimize lateral movement, and uses intelligence and analytics to detect and respond to anomalies in real time.
- One of the most effective Zero Trust policies is multifactor authentication. Requiring that every user perform two or more forms of authentication (such as using a PIN on a known device) every time they sign in significantly decreases the risk that a bad actor with stolen credentials will gain access.
- Implementing a Zero Trust strategy starts with identifying business priorities and gaining leadership buy-in. It may take many years to complete the rollout, so it helps to start with easy wins and prioritize tasks based on business goals. An implementation plan will typically include the following steps:
  - Roll out identity and device protection, including multifactor authentication, least-privilege access, and conditional access policies.
  - Enroll endpoints in a device-management solution to ensure devices and apps are up to date and meet organizational requirements.
  - Deploy an extended detection and response solution to detect, investigate, and respond to threats across endpoints, identities, cloud apps, and emails.
  - Protect and govern sensitive data with solutions that provide visibility into all data and apply data loss prevention policies.

  Go to the Zero Trust Guidance Center for additional resources.
- SASE is a security framework that combines software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a converged cloud-delivered platform that securely connects users, systems, endpoints, and remote networks to apps and resources.

  Zero Trust, which is a modern security strategy that centers on verifying each access request as though it originates from an open network, is one component of SASE. SASE also includes SD-WAN, secure web gateway, cloud access security broker, and firewall as a service, all centrally managed through a single platform.
- A VPN is a technology that enables remote employees to connect to the corporate network.

  Zero Trust is a high-level strategy that assumes that individuals, devices, and services that are attempting to access company resources, even those inside the network, cannot automatically be trusted. To enhance security, these users are verified every time they request access, even if they were authenticated earlier.
Get started
Protect everything
Make your future more secure. Explore your security options today.