Zero Trust for Endpoints and Applications - Essentials Series - Episode 3

Published Jun 10 2021 10:31 AM

See how you can apply Zero Trust principles and policies to your endpoints and apps, the conduits for users to access your data, network, and resources. Jeremy Chapman walks through your options, controls, and recent updates to implement the Zero Trust security model.

 


 

Our Essentials episode gave a high-level overview of the principles of the Zero Trust security model, spanning identity, endpoints, applications, networks, infrastructure, and data. For Zero Trust, endpoints refer to the devices people use every day — both corporate and personally owned computers and mobile devices. The prevalence of remote work means devices can be connected from anywhere, and the controls you apply should be correlated to the level of risk at those endpoints. Even for corporate managed endpoints that run within your firewall or your VPN, you will still want to use the principles of Zero Trust: verify explicitly, apply least privileged access, and assume breach.

 

 

%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22jk%20jl%20gs%20jm%20b%20jn%20lh%20ir%20jp%20jq%20li%20iv%20js%20jt%20lj%20jv%20jw%20jx%20lk%20jz%20ka%20kb%20ll%20kd%20ke%20kf%20dp%20ho%22%20data-selectable-paragraph%3D%22%22%3E-So%20let%E2%80%99s%20configure%20another%20policy%2C%20and%20this%20time%20a%20file%20policy%20for%20Google%20Workspace.%20In%20the%20policy%2C%20you%20can%20set%20different%20kinds%20of%20filters%2C%20such%20as%20access%20level%20and%20the%20application%20that%20you%20want%20to%20scope%20the%20policy%20to%20and%20you%20can%20choose%20to%20apply%20this%20to%20all%20files%2C%20selected%20folders%20or%20more.%20Now%20in%20this%20case%2C%20our%20goal%20is%20to%20make%20sure%20that%20any%20files%20that%20have%20sensitive%20information%20are%20labeled%20for%20our%20company%E2%80%99s%20compliance%20policies.%20So%20for%20inspection%2C%20we%E2%80%99ll%20use%20the%20same%20DLP%20engine%20that%20Office%20365%20uses%2C%20the%20data%20classification%20service.%20And%20that%E2%80%99s%20going%20to%20look%20for%20sensitive%20content%20like%20social%20security%20numbers%2C%20for%20example.%20And%20we%E2%80%99ll%20create%20an%20alert%20for%20each%20policy%20match%20and%20in%20governance%20actions%20we%E2%80%99ll%20apply%20a%20sensitive%20label%20if%20the%20file%20matches%20our%20policy.%3C%2FP%3E%0A%3CP%20class%3D%22jk%20jl%20gs%20jm%20b%20jn%20lh%20ir%20jp%20jq%20li%20iv%20js%20jt%20lj%20jv%20jw%20jx%20lk%20jz%20ka%20kb%20ll%20kd%20ke%20kf%20dp%20ho%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22jk%20jl%20gs%20jm%20b%20jn%20lh%20ir%20jp%20jq%20li%20iv%20js%20jt%20lj%20jv%20jw%20jx%20lk%20jz%20ka%20kb%20ll%20kd%20ke%20kf%20dp%20ho%22%20data-selectable-paragraph%3D%22%22%3E-And%20finally%2C%20MCAS%20has%20built-in%20anomaly%20detection%20policies%20to%20monitor%20user%20interactions%20with%20individual%20applications%20regardless%20of%20how%20you%E2%80%99ve%20connected%20those%20apps%20to
%20Cloud%20App%20Security.%20Now%20these%20detections%20range%20from%20suspicious%20admin%20activity%20to%20triggering%20a%20mass%20download%20alert.%20Now%20MCAS%20establishes%20baseline%20patterns%20for%20user%20behavior%20and%20can%20trigger%20alerts%20or%20actions%20once%20an%20anomaly%20is%20detected.%20Additionally%2C%20MCAS%20offers%20Cloud%20Security%20Posture%20Management%2C%20or%20CSPM%2C%20and%20here%20the%20security%20configuration%20screen%20helps%20you%20improve%20the%20security%20posture%20across%20clouds%20with%20recommendations.%3C%2FP%3E%0A%3CP%20class%3D%22jk%20jl%20gs%20jm%20b%20jn%20lh%20ir%20jp%20jq%20li%20iv%20js%20jt%20lj%20jv%20jw%20jx%20lk%20jz%20ka%20kb%20ll%20kd%20ke%20kf%20dp%20ho%22%20data-selectable-paragraph%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22jk%20jl%20gs%20jm%20b%20jn%20lh%20ir%20jp%20jq%20li%20iv%20js%20jt%20lj%20jv%20jw%20jx%20lk%20jz%20ka%20kb%20ll%20kd%20ke%20kf%20dp%20ho%22%20data-selectable-paragraph%3D%22%22%3E-So%20that%20was%20a%20tour%20of%20your%20endpoint%20and%20application%20management%20options%20and%20your%20considerations%20when%20moving%20to%20the%20Zero%20Trust%20security%20model.%20Up%20next%2C%20we%E2%80%99re%20going%20to%20explore%20your%20options%20for%20networks%2C%20infrastructure%20and%20data.%20And%20keep%20checking%20back%20to%20aka.ms%2FZeroTrustMechanics%20for%20more%20on%20our%20series%20where%20I%20share%20tips%20and%20hands-on%20demonstrations%20of%20the%20tools%20for%20implementing%20the%20Zero%20Trust%20security%20model%20across%20all%20six%20layers%20of%20defense.%20And%20you%20can%20learn%20more%20at%20aka.ms%2Fzerotrust.%20Thanks%20for%20watching.%3C%2FP%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FSECTION%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2436192%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3ESee%20how%20you%20can%20apply%20Zero%20Trust%20principles%20and%20policies%20to%20your%20endpoints%20and%20apps.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%
20id%3D%22lingo-labs-2436192%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EZero%20Trust%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
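The flow described in the transcript (a file policy that labels files containing social security numbers, then step-up authentication when a sensitive download comes from an unexpected IP address) can be modeled as a small decision function. This is an added example, not code from the video or from Microsoft, and it does not call any MCAS or Azure AD API: the `Session` class, the function names, the decision strings and the rule that a completed step-up is bound to one IP address are all assumptions, and the IP addresses are constructed documentation-range values.

```python
import re
from dataclasses import dataclass, field

# Simplified model only; every name here is hypothetical, not a product API.
# SSN-like pattern: excludes area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


@dataclass
class Session:
    user: str
    expected_ips: set                                 # networks the user normally works from
    stepped_up_ips: set = field(default_factory=set)  # IPs where a second factor was re-proven


def label_for(content: str) -> str:
    """File-policy step: label a file 'Sensitive' if it holds an SSN-like value."""
    return "Sensitive" if SSN_RE.search(content) else "General"


def evaluate(session: Session, action: str, label: str, client_ip: str) -> str:
    """In-session decision for one proxied request: 'ALLOW' or 'STEP_UP_MFA'."""
    risky = action in {"download", "upload"} and label == "Sensitive"
    if not risky:
        return "ALLOW"          # ordinary work is not interrupted
    if client_ip in session.expected_ips or client_ip in session.stepped_up_ips:
        return "ALLOW"          # expected location, or already re-verified here
    return "STEP_UP_MFA"        # sensitive transfer from a new network


def complete_mfa(session: Session, client_ip: str) -> None:
    """Record a successful second factor for the current network only."""
    session.stepped_up_ips.add(client_ip)


def demo() -> list:
    """Office download, coffee-shop download, retry after MFA, then a third network."""
    s = Session("alice", {"203.0.113.10"})
    label = label_for("Employee SSN: 123-45-6789")    # constructed sample content
    out = [evaluate(s, "download", label, "203.0.113.10"),
           evaluate(s, "download", label, "198.51.100.7")]
    complete_mfa(s, "198.51.100.7")
    out.append(evaluate(s, "download", label, "198.51.100.7"))
    out.append(evaluate(s, "download", label, "192.0.2.99"))
    return out
```

Binding the step-up to the IP address where it was completed means a further network change prompts again, rather than one prompt unlocking sensitive downloads for the rest of the session.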
Version history
Last update:
‎Jun 10 2021 10:33 AM
Updated by: