Back

Rapid Zero Trust Implementation With Microsoft 365 (part 1)

From cybersecurity insurance requirements to executive ordersnewsinsidethenewcybersecurityexecutiveorder and from NIST frameworksnews...

6 min read
Published on Oct 12, 2021
rapid-zero-trust-implementation-with-microsoft-365-part-1

From cybersecurity insurance requirements to executive orders and from NIST frameworks to CISA guidance, it is clear that Zero Trust is no longer just a buzzword. In the new post-COVID world of hybrid work, it is clear that the old school perimeter model of defense is gone for good, it’s walls shattered by a remote workforce that has come to expect the ability to work anywhere, at any time and on any device. Thankfully, rapid Zero Trust implementation is not only possible, if you are using Microsoft 365, it’s relatively painless to get started.

Stages of Zero Trust Implementation

  • User Access and Productivity
  • Apps and Data
  • Security Operations
  • Operational Technology
  • Data Center Security

Note, that in some cases these stages can operate in tandem, however the logical separation makes implementation easier to understand.

User Access and Device Security

User Account Security with Multifactor Authentication (MFA), Conditional Access, and Passwordless Authentication

The first thing to secure is user accounts. Passwords are increasingly vulnerable, so Multi-factor authentication is a must, and moving beyond password-only based verification is critical. Easing user impact with conditional access allows you to set rules where MFA is not required if they are logged into the local network, or to strengthen certain accounts such as admins by restricting their ability to log in to specific devices and locations. 

Microsoft has recently rolled out the ability for users to completely remove their passwords from Microsoft 365, and the ease and simplicity of Windows Hello to use biometrics, PINs, and the Microsoft Authenticator app is accelerating the end of the password era. 

zero trust implementation with microsoft 365 architecture

Device protection with MDM and MAM

Once you have strengthened you user identity and access, the next step is to secure devices. With users often using their own devices to perform work, if their personal devices have been compromised it becomes possible for attackers to steal credentials and expand their attack against other parts of your environment. Intune, part of Microsoft Endpoint manager allows you to protect both company owned and private (BYOD) devices. To manage corporate owned devices, Mobile Device Management (MDM controls the entire device. 

With Mobile Application Management (MAM) you only control your company information and applications on the device. With MAM If the device does not meet your established device health policies, such as recent updates, passcode length, screen lock time, you can restrict what information they are able to access, for example allowing them to view less sensitive information like product PDFs, while prohibiting them from accessing critical information such as financials, Personal Health Information (PHI), etc. 

Application Protection

Now that your users identities and devices are protected, it is time to protect your applications and data. Azure AD (AAD) makes it easy to enforce the strong user access controls established with MFA and conditional access across all of your applications.). 

To secure applications, you begin by configuring AAD for all of your SaaS applications using SAML, OAuth or OIDC. For applications that do not support these modern protocols, connect your VPN appliance to Azure AD Authentication. This expands your device and user validation from above to all of your VPN sessions. The next step is to move applications off of VPNs by publishing existing on-prem line of business and IaaS applications through Azure App Proxy. In addition to protecting the application, it also enables you to restrict accounts to accessing a single application, unlike traditional VPNs that frequently provide access to all ports and protocols across a network. 

Data Protection

Microsoft 365 includes tools such as Microsoft Information Protection and Cloud App Security that can protect your information both inside and outside of Microsoft 365. As you focus on protecting your data, you should make sure that your information is secure no matter where it is stored; in cloud services such as Google Drive and DropBox, on USB devices, workstations, mobile devices. You should take a full-lifecycle governance approach to your information that includes

  • Discovery
  • Classification
  • Protection 
  • Monitoring

Microsoft information Protection transparently encrypts data requiring identity authentication for access. Again, these controls can be a strict as you find necessary and based on predefined sensitivity labels. Microsoft Cloud App Security (MCAS) enables you to discover unstructured data across multiple cloud applications, and Azure Purview gives the ability to discover, protect, and govern structured data across your entire organization in SQL databases, Amazon S3 instances, Oracle DB and dozens of other data sources. 

All together, these tools mean that even if information leaves your environment on a stolen device, snuck out in a peanut butter sandwich, or exfiltrated by an APT, it becomes unreadable without proper user authentication. This also means that when a employee leaves the company, no matter where they may have stored company information they lose access to it.

Security Operations (SecOps)

Usually run in parallel to user device and data protection efforts, modernizing SecOps is meant to increase the productivity, effectiveness and response times of security team members through strong prioritization to assure team members are focused on the most impactful threats to the organization and not chasing false alarms, struggling through divergent tools and missing signals in siloed platforms. 

Azure Sentinel is a combined Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) Platform that collects signals, logs, and telemetry from just about everywhere. 

The Key focuses for a SecOps team implementing Zero Trust are:

  • Streamline Responses

 - Master threat response and remediation on the most commonly attacked resources using:

* **Extended Detection and Response**
 (XDR) Provide high quality alerts for new resource types, bypassing manual effort and delays when trying to build every alert in your SIEM.
* **Streamlining the processes for these common attacks**
. Focusing Tier 1 (triage) and Tier 2 (analyst) teams on mastering these attacks will recognize and stop both commodity and advanced attackers earlier in attack.
  • Unify Visibility

 – creating high-quality individual alerts from raw data in SIEMs is difficult, however, they are useful for bringing data and context together for investigations and threat hunting, giving a full view across your entire estate, making it harder for attackers to hide. 

  • Reduce Manual Effort -

 Security operations should be focused on reducing manual and repetitive tasks like switching tools, typing commands, copy/pasting data, etc. Giving analysts a streamlined end to end integrated experience with SOAR technology increases effectiveness (and happiness). SOAR technology is built into both Microsoft 365 Defender and Azure Sentinel. 

Leverage Agile IT for Zero Trust Implementation

Agile IT began implementing Zero Trust architectures for it’s clients in 2018, and has included core tenants into every migration and implementation we perform. To find out how you can defend you users, devices, data and infrastructure across any cloud. Request a free consultation.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 21, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation