The Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook was released earlier this year to an overwhelmingly positive reception from our user community. We are announcing the next evolution of this content in the Microsoft Sentinel: Zero Trust (TIC 3.0) Solution. This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud for assessments, and alerting rules to actively monitor and alert on compliance posture deviations across each TIC 3.0 control family.
Microsoft Sentinel: Zero Trust (TIC 3.0) Solution
This solution enables governance and compliance teams to design, build, monitor, and respond to Zero Trust (TIC 3.0) requirements across 25+ Microsoft products. The solution includes the new Zero Trust (TIC 3.0) Workbook, (11) Analytics Rules, and (1) Playbook. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings, including, but not limited to:
What is Zero Trust?
Zero Trust is a proactive, integrated approach to security that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to threats across all layers of the digital estate. The core of a Zero Trust strategy is strict access control. This concept is critical to preventing attackers from pivoting laterally and elevating access within an environment. At Microsoft, we define Zero Trust around those three principles.
What is Trusted Internet Connections (TIC 3.0)?
Trusted Internet Connections (TIC) is a federal cybersecurity initiative to enhance network and perimeter security across the United States federal government. The TIC initiative is a collaborative effort between the Office of Management and Budget (OMB), the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and the General Services Administration (GSA). The TIC 3.0: Volume 3 Security Capabilities Handbook provides various security controls, applications, and best practices for risk management in federal information systems.
Content Use Cases
Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook: The Microsoft Sentinel Zero Trust (TIC 3.0) workbook provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to Zero Trust (TIC 3.0) controls across 25+ Microsoft products, including Azure, Office 365, Windows, and many more. This workbook enables Compliance Professionals, Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness of the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective Zero Trust and TIC 3.0 requirements.
Microsoft Sentinel: Zero Trust (TIC 3.0) Analytics Rules: (11) new analytics rules that actively monitor Zero Trust (TIC 3.0) posture by control family. Thresholds are customizable for alerting compliance teams to changes in posture. For example, if your workload's resiliency posture falls below 70% in a week, an alert is generated detailing the respective policy status (passing and failing), assets identified, last assessment time, and deep links to Microsoft Defender for Cloud for remediations.
Playbook: Notify Governance Compliance Team provides the capability to automatically monitor Zero Trust (TIC 3.0) posture and notify the Governance Compliance team of deviations with the relevant details in both email and Microsoft Teams messages.
Benefits
Reporting
Audience
Getting Started
This content is designed to provide the foundation for designing, building, and monitoring workload compliance within Zero Trust and TIC 3.0 requirements. Below are the steps to onboard required dependencies, enable connectors, review content, and provide feedback.
Frequently Asked Questions
Learn More About Zero Trust with Microsoft Security