Azure Fundamentals (AZ-900)

Last Updated: 1/10/2023

Zero Trust Model

  • Zero Trust is a security model that assumes the worst-case scenario and protects resources with that expectation.
  • Zero Trust assumes breach at the outset, and then verifies each request as though it originated from an uncontrolled network.
  • Microsoft highly recommends the Zero Trust security model, which is based on these guiding principles:
    • Verify explicitly: Always authenticate and authorize based on all available data points.
    • Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
    • Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption. Use analytics to get visibility, drive threat detection, and improve defenses.

Adjusting to Zero Trust

  • Traditionally, corporate networks were restricted, protected, and generally assumed safe. Only managed computers could join the network, VPN access was tightly controlled, and personal devices were frequently restricted or blocked.
  • The Zero Trust model flips that scenario: it requires everyone to authenticate, then grants access based on authentication rather than location.
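
The contrast between the two models, as an added example that is not part of the original notes and is not Microsoft code. The field names, the risk threshold, the network range and the sample requests are assumptions constructed for illustration:

```python
# Added illustration: a perimeter (location-based) decision beside a Zero Trust
# decision. All field names, thresholds and sample values are hypothetical.
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.0.0.0/8")  # constructed "trusted" corporate range

@dataclass
class Request:
    source_ip: str
    user_authenticated: bool  # identity verified for this request
    device_compliant: bool    # device health signal
    risk_score: float         # 0.0 (low) to 1.0 (high), from analytics
    resource: str
    action: str
    grants: dict              # {(resource, action): expiry datetime}

def perimeter_decision(req: Request) -> bool:
    """Traditional model: a request from inside the network is trusted."""
    return ip_address(req.source_ip) in CORP_NET

def zero_trust_decision(req: Request, now: datetime, max_risk: float = 0.5):
    """Evaluate every request the same way, whatever network it came from."""
    # Verify explicitly: decide on identity, device and risk, not location.
    if not req.user_authenticated:
        return False, "user not authenticated"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.risk_score > max_risk:
        return False, "risk too high"
    # Least privilege (JIT/JEA): an unexpired grant for this exact action.
    expiry = req.grants.get((req.resource, req.action))
    if expiry is None:
        return False, "no grant for this action"
    if expiry <= now:
        return False, "grant expired"
    return True, "allowed"

NOW = datetime(2023, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
GRANT = {("vm-prod", "restart"): datetime(2023, 1, 10, 13, 0, tzinfo=timezone.utc)}
# Constructed requests: an unauthenticated insider and a verified remote admin.
INSIDER = Request("10.1.2.3", False, True, 0.1, "vm-prod", "restart", {})
REMOTE = Request("203.0.113.7", True, True, 0.1, "vm-prod", "restart", GRANT)
```

The perimeter check admits INSIDER and rejects REMOTE purely on source address; the Zero Trust check reverses both outcomes, and stops admitting REMOTE once the one-hour grant has expired.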