The Microsoft Zero Trust Assessment: Helping you operationalize the hardening of your Microsoft security products

Evolving Threats, Adaptive Defenses: The Security Practitioner’s New Reality 

Cyber threats are advancing faster than ever, and the arrival of highly accessible AI tools with a low proficiency barrier has made this challenge one that most organizations cannot keep up with. According to the latest Microsoft Digital Defense Report, 28% of breaches begin with phishing, and we also see a 4.5x increase in AI automated phishing campaigns with higher click through rates. This example highlights the need for security organizations to not only prioritize hardened security policies but also automating detection of misconfigurations and deviations from the desired security posture. 
 
To help address these challenges, Microsoft launched the Secure Future Initiative (SFI) in November 2023, a multiyear effort to transform how we design, build, test, and operate our products and services, to meet the highest security standards. SFI unites every part of Microsoft to strengthen cybersecurity across our company and products. We’ve committed to transparency by sharing regular updates with customers, partners, and the security community. Today, we released our third SFI progress report, which highlights 10 actionable patterns and practices customers can adopt to reduce risk, along with additional best practices and guidance. In this report, we share updates across every engineering pillar, introduce mapping to the NIST Cybersecurity Framework to help customers measure progress against a recognized industry standard, and showcase new security capabilities delivered to customers. We also provide implementation guidance aligned to Zero Trust principles, ensuring organizations have practical steps to reduce risk and strengthen resilience. 

Building on these learnings, we’re excited to announce the public preview of the Microsoft Zero Trust Assessment tool, designed to help you identify common security gaps starting with Identity and Device pillars with the remaining pillars of Zero Trust coming soon. This assessment is informed by our own SFI learnings and aligned with widely recognized frameworks such as CISA’s SCuBA project. Your feedback is critical as we continue to iterate and expand this tool. Our goal is for you to operationalize it in your environment and share insights as we add more pillars in the coming months. 

Introducing Zero Trust Assessment  

A deep dive into how the Microsoft Zero Trust Assessment works including report structure, prioritization logic, and implementation guidance is available below in this blog. The Microsoft Zero Trust Assessment empowers teams to make informed decisions, reduce blind spots, and prioritize remediation, turning insights into action. Once you download and run the tool (installation guide), it will assess your policy configurations and scan objects to generate a comprehensive report that not only highlights gaps and risks but also explains what was checked, why a test failed, and how your organization can implement the recommended configuration. This makes the results immediately actionable; security teams know exactly what steps to take next. The report features an overview page that presents aggregated data across your tenant, highlighting overall risk levels, patterns, and trends. This allows security teams to quickly assess their organization’s posture, identify high-impact areas, and prioritize remediation efforts. 

Figure 1: Overview Page

The assessment provides a detailed list of all the tests that were conducted, including those not applicable, so the results are clear and relevant. Each test includes risk level, user impact, and implementation effort, enabling teams to make informed decisions and prioritize fixes based on business impact. By combining clear guidance with prioritized recommendations, the Zero Trust Assessment turns insights into action, helping organizations reduce blind spots, strengthen security, and plan remediation effectively. Future updates will expand coverage to additional Zero Trust pillars, giving organizations even broader visibility and guidance.  

Figure 2: Outcome of the Identity/Devices Checks

For each test performed, customers can see the exact policies or objects that are passing or failing the test with a direct link to where they can address it in the product, and guidance on how to remediate.  

Figure 3: Details of the test performed

The report also provides granular details of the policies evaluated and any applicable assignment groups. In addition, the tool provides clear guidance on details of the test performed and why it matters, and the steps required to resolve issues effectively. 

How It Works 

Here’s a quick summary of the steps for you to run the tool. Check our documentation for full details. 

First, you install the ZeroTrustAssessment PowerShell module. 

Install-Module ZeroTrustAssessment -Scope CurrentUser 

Then, you connect to Microsoft Graph and to Azure by signing into your tenant. 

Connect-ZtAssessment

After that, you run a single command to kick off the data gathering. Depending on the size of your tenant, this might take several hours. 

Invoke-ZtAssessment

After the assessment is complete, the tool will display the assessment results report. A sample report of the assessment can be viewed at aka.ms/zerotrust/demo. 

The tool uses read-only permissions to download the tenant configuration, and it runs the analysis locally on your computer. We recommend you treat the data and artifacts it creates as highly sensitive organization security data.  

Get Started Today 

Ready to strengthen your security posture? Download and run the Zero Trust Assessment to see how your tenant measures up. Review the detailed documentation for Identity and Devices to understand every test and recommended action. If you have feedback or want to help shape future releases, share your insights at aka.ms/zerotrust/feedback. If you find the assessment valuable, pass it along to your peers and help raise the bar for all our customers.

To learn more about Microsoft Security solutions, visit our website.  Bookmark the Security blog and Technical Community blogs to keep up with our expert coverage on security matters, including updates on this assessment. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

What’s Next 

This is just the first step in the journey. We will be launching new SFI-infused assessments across the other pillars of Zero Trust in the coming months. Please stay tuned for updates.  

Want to go deeper? 

Visit the SFI webpage to explore the report, actionable patterns, NIST mapping, and best practices that can help you strengthen your security posture today.