
ZERO TRUST ARCHITECTURE

Bode Olushi

This is Microsoft’s Zero Trust Architecture describing the key technical components of Zero Trust (including which Microsoft Technologies provide this capability).


Identity

Access Control (Identity and access policy) is critically important to enable and secure access to business assets. Microsoft’s technical capabilities to provide secure identities include:


  • Microsoft Entra ID (Formerly Azure AD) is a cloud-based identity and access management service that enables your employees to securely access any resources on cloud services or on premises.

    • Microsoft Entra ID Protection (formerly Azure AD Identity Protection) provides you with a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities.

    • A workload identity is an identity you assign to a software workload (such as an application, service, script, or container) to authenticate and access other services and resources. 

  • Microsoft Defender for Identity (formerly Azure ATP) detects on-premises identity attacks using behavioral analysis (UEBA) + specific detections for Pass the Hash/Ticket/Password, Golden Ticket, Skeleton Key, and others.

  • Entra ID Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. You get capabilities to ensure that the right people have the right access to the right resources.


Zero Trust Policies

Microsoft’s technical capabilities to provide access policy enforcement include:


  • Microsoft Entra Conditional Access provides centralized policy control for data and applications by enforcing conditions on account authentication, network location, device health/compliance, and other risk factors.

  • Microsoft Entra Internet Access and Microsoft Entra Private Access (coupled with Microsoft Defender for Cloud Apps) are built as a solution that converges network, identity, and endpoint access controls so you can secure access to any app or resource, from anywhere.
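The policy-enforcement idea above is easiest to see as an actual Conditional Access policy. The following is an added example (not code from the original post or from Microsoft) that creates two report-only policies through the Microsoft Graph PowerShell SDK: one requiring MFA plus a compliant (Intune-managed) device for every user on every cloud app, and one blocking sign-ins that Entra ID Protection rates as high risk. It assumes the Microsoft.Graph module is installed, that the caller holds the Policy.ReadWrite.ConditionalAccess permission, and that the break-glass group ID is replaced with a real object ID; the policy names are made up.

```powershell
# Added example, not the original post's code. Assumes Microsoft.Graph SDK is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

# Placeholder: object ID of the group holding emergency-access (break-glass) accounts.
# Excluding it prevents a mis-scoped policy from locking every admin out of the tenant.
$breakGlassGroupId = "<break-glass-group-object-id>"

# Policy 1: require MFA AND a compliant device for all users on all cloud apps.
$requireMfaCompliant = @{
    displayName = "ZT-Require-MFA-And-Compliant-Device"
    # Report-only first: Conditional Access evaluates and logs, but does not enforce,
    # so the effect can be reviewed in the sign-in logs before switching to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"                       # both controls must be satisfied
        builtInControls = @("mfa", "compliantDevice")  # device compliance comes from Intune
    }
}

# Policy 2: block sign-ins that Entra ID Protection scores as high sign-in risk.
$blockHighRisk = @{
    displayName = "ZT-Block-High-SignIn-Risk"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications     = @{ includeApplications = @("All") }
        clientAppTypes   = @("all")
        signInRiskLevels = @("high")                  # risk signal from Entra ID Protection
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $requireMfaCompliant
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockHighRisk

# Verify what was created and its enforcement state.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```

Keeping new policies in report-only mode and excluding the break-glass group are the two checks that matter most in practice: the first shows who would have been blocked before anyone actually is, and the second guarantees an administrative path remains if the policy is wrong.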


User Endpoints are critically important to access control because attackers who compromise them can use them to access or attack business assets. Microsoft’s technical capabilities to secure these assets include:

  • Intune - Microsoft Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) service. Intune integrates with Conditional Access to provide device security health signals.

  • Defender for Endpoint - Microsoft Defender for Endpoint (formerly Defender ATP) provides Endpoint Detection and Response (EDR), Threat and Vulnerability Management (TVM), automated incident investigation/remediation, and more for Windows, Linux, iOS, and Android.

  • Microsoft Defender Application Guard (MDAG) (not shown) uses hardware isolation techniques to help prevent old and newly emerging attacks while keeping employees productive. For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. For Microsoft Office, Application Guard helps prevent untrusted Word, PowerPoint and Excel files from accessing trusted resources.

  • Azure Virtual Desktop (not shown) is a desktop and app virtualization service that runs on the cloud.

  • Windows 365 (not shown) is a cloud-based service that automatically creates a new type of Windows virtual machine (Cloud PCs) for your end users. Each Cloud PC is assigned to an individual user and is their dedicated Windows device. Windows 365 provides the productivity, security, and collaboration benefits of Microsoft 365.


Modern Security Operations


Rapid and accurate incident response is required to remove attacker access to business assets after successful attacks. Microsoft’s technical capabilities to enable effective security operations include:


  • Microsoft Defender XDR provides a unified detection and response platform (XDR + SIEM) designed to simplify security operations with integrated detection, automated investigation and response across platforms and clouds. This includes multiple XDR solutions that provide deep coverage across resources including endpoint, email, SaaS applications, identities, IoT, OT, and more, as well as detection from custom data sources via SIEM (Microsoft Sentinel).

  • Microsoft Sentinel is a cloud native SIEM+SOAR solution that integrates with Microsoft Defender XDR and enables you to use UEBA and ML to detect, hunt for, and remediate threats across data sources in your enterprise.


Data Assets (Right Upper)


Many business critical assets take the form of data and many types of data are closely regulated for privacy, financial, and other important personal/societal reasons. Microsoft’s technical capabilities to secure data include:


  • Defender for Office 365 (formerly Office 365 ATP) provides XDR capabilities including sandbox detonation, integrated threat intelligence, attack simulation & more across Email, SharePoint Online, OneDrive for Business, Teams, etc.

  • Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives. Microsoft Purview solutions provide integrated coverage and help address the fragmentation of data across organizations, the lack of visibility that hampers data protection and governance, and the blurring of traditional IT management roles.

  • Microsoft Purview DLP - Microsoft Purview implements data loss prevention by defining and applying DLP policies to identify, monitor, and automatically protect sensitive items across Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts; Office applications such as Word, Excel, and PowerPoint; Windows 10, Windows 11, and macOS (three latest released versions) endpoints; non-Microsoft cloud apps; on-premises file shares and on-premises SharePoint; and Power BI.

    • Microsoft Purview Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data in documents and emails across your organization.

    • Microsoft Priva helps organizations safeguard personal data, build a privacy-resilient workplace, and meet regulatory requirements for managing private data.

  • Defender for Cloud (SQL DB/Files) (not shown) - Defender for Databases in Microsoft Defender for Cloud allows you to protect your entire database estate with attack detection and threat response for the most popular database types in Azure. Defender for Cloud provides protection for the database engines and for data types, according to their attack surface and security risks.

  • Intune Mobile App Management (MAM) (not shown) for unenrolled devices uses app configuration profiles to deploy or configure apps on devices without enrolling the device. When combined with app protection policies, you can protect data within an app.
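The DLP bullet above describes defining a policy, scoping it to workloads, and attaching rules that detect sensitive content and act on it. The following is an added example (not the original post's code or Microsoft's sample) that does exactly that with the Security & Compliance PowerShell cmdlets: a policy covering Exchange, SharePoint, OneDrive and Teams, deployed in test mode, with one rule that blocks sharing outside the organization when a credit card number is detected. It assumes the ExchangeOnlineManagement module is installed and the caller has a Compliance Administrator role; the policy and rule names are made up, and the "Credit Card Number" sensitive information type is one of the built-in classifiers.

```powershell
# Added example, not the original post's code. Assumes ExchangeOnlineManagement is installed.
# Opens a session to the Security & Compliance PowerShell endpoint (Microsoft Purview).
Connect-IPPSSession

$policyName = "ZT-Protect-Financial-Data"   # made-up name for this example

# Policy: scoped to the four collaboration workloads, in test mode with user notifications.
# Test mode surfaces matches and policy tips but does not block anything yet, so the
# false-positive rate can be measured before enforcement is turned on.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -TeamsLocation All `
    -Mode TestWithNotifications

# Rule: when at least one credit card number is shared with someone outside the
# organization, block access, tell the item owner, and raise a high-severity incident
# report for the site admin so security operations sees it.
New-DlpComplianceRule -Name "Block-External-CreditCard" -Policy $policyName `
    -ContentContainsSensitiveInformation @(@{ Name = "Credit Card Number"; minCount = "1" }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin `
    -ReportSeverityLevel High

# Check the policy and its rule were created with the intended scope and mode.
Get-DlpCompliancePolicy -Identity $policyName | Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation, TeamsLocation
Get-DlpComplianceRule -Policy $policyName | Format-List Name, BlockAccess, AccessScope, ReportSeverityLevel

# When the match rate looks right, switch to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in TestWithNotifications and only later calling Set-DlpCompliancePolicy with -Mode Enable mirrors the report-only rollout used for Conditional Access: the rule is tuned against real traffic before it can interrupt a business process.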


Apps

  • GitHub Advanced Security provides DevSecOps and Application development security that integrates natively in the developer workflow including code scanning, secret scanning, alerting, security policies, and more.

  • Defender for Cloud Apps (formerly Microsoft Cloud App Security or MCAS) Provides key XDR capabilities for Security Operations for SaaS applications as well as Shadow IT Risk management, Info Protection / DLP, Session Monitoring & Control, and more.

  • Microsoft Defender for APIs is a plan provided by Microsoft Defender for Cloud that offers full lifecycle protection, detection, and response coverage for APIs.


Infrastructure


It’s critical to protect the assets you have today providing business critical services as well as the new assets your organization is creating or acquiring each day.

Cloud and on-premises infrastructure and applications host business critical assets that are frequently targeted by attackers. Microsoft’s technical capabilities to secure these assets include:


  • Entra Permissions Management (formerly CloudKnox) provides a cloud infrastructure entitlement management (CIEM) solution that detects, automatically right-sizes, and continuously monitors unused and excessive permissions across multicloud infrastructure in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

  • Microsoft Defender for Cloud provides XDR and CSPM capabilities for posture management and security operations across Azure, AWS, GCP, and on-premises resources (VMs, DevSecOps, networks, Kubernetes/containers, SQL, storage, IoT/OT, and more).

    • Azure Arc extends Azure management to resources in other clouds and on-premises datacenters, enabling a consistent management and security experience across platforms. Azure Arc projects these resources into Azure Resource Manager (ARM) so they can be managed by tooling such as Microsoft Defender.

  • Azure Networking includes:

    • Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

    • Azure Web Application Firewall is a feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injection and cross-site scripting attacks, using OWASP core rule sets 3.0 or 2.2.9.

    • Additional built-in controls for access control and traffic routing.

  • Azure Automanage (not shown) is a service that applies machine best practices by simplifying the process of discovering, onboarding, and configuring certain Azure services that benefit your virtual machines (such as Azure Update Management and Azure Backup).



Additional Information: Integration, Feedback, and Continuous Improvement


Zero Trust requires integration to ensure that signals and context are shared between tools/teams and are adapting to continuous changes by attackers. Zero Trust also requires feedback mechanisms to enable continuous improvement of policy, technology, configurations, and more.


