Microsoft 365 zero trust model is a security framework designed to provide maximum security to Microsoft 365 users and data by treating all users and devices as potential threats, and only granting access based on a strict set of identity and access management policies.
The zero trust model operates on the principle of “never trust, always verify.” This means that every user and device, whether inside or outside the network perimeter, must continuously authenticate themselves and their access to resources, and that access is only granted on a need-to-know basis.
The Microsoft 365 zero trust model consists of several security features and technologies, including multi-factor authentication (MFA), conditional access policies, privileged identity management, and continuous risk assessment. These tools work together to protect user identities, data, and devices from potential cyber threats, including phishing attacks, ransomware, and data breaches.
Overall, the Microsoft 365 zero trust model is a comprehensive approach to security that helps organizations better protect their digital assets and reduce the risk of data breaches and cyber attacks.
The zero Trust model is based on 3 principles and 6 foundational pillars.
3 Principles
- Verify explicitly
- Least Privilege access
- Assume breach
6 pillars
- Identities
- Endpoints (Devices)
- App
- Data
- Infrastrucute Networks
