
Implementing a zero trust security model at Microsoft

Community Manager
The traditional perimeter-based network defense is obsolete. Perimeter-based networks operate on the assumption that all systems within a network can be trusted. However, today’s increasingly mobile workforce, the migration towards public cloud services, and the adoption of the Bring Your Own Device (BYOD) model make perimeter security controls irrelevant. Networks that fail to evolve from traditional defenses are vulnerable to breaches: an attacker can compromise a single endpoint within the trusted boundary and then quickly expand their foothold across the entire network. In addition, digital transformation will require the security approach to change from placing trust in devices attached to corporate networks to an approach where trust is verified with identity and device health validation regardless of connectivity location. In this session, learn how we’re implementing a zero trust model at Microsoft for 150,000 users and 600,000 endpoints across 120 countries.
5 Replies

How does Microsoft manage when there are Azure MFA outages?

How does Microsoft manage when there are Azure MFA outages?

How does Microsoft manage when there are Azure MFA outages?

How come Azure App Proxy is not one of the desired approaches for accessing legacy on-prem apps?

Hi @Dean Gross, while we did not cover it directly, it is in fact a big part of our strategy. Having migrated the majority of our Line of Business (LoB) applications already to Azure over the last few years, we don't have many in that bucket that require us to leverage Azure App Proxy, but we do currently have roughly 65+/- LoB Apps that leverage App Proxy today. Our three-pronged approach is to:

  1. Modernize app to PaaS, SaaS, or other serverless technology accessible from the Internet
  2. Remain IaaS, but make application accessible from the Internet
  3. Leverage Azure App Proxy for legacy on-prem application.

Our current plan is to have the majority (if not all) of our LoB apps in bucket one or two by Sept. 2020.
