Overview – Apply Zero Trust principles to Azure services

Summary: To apply Zero Trust principles to Azure services, you need to determine the set of infrastructure components required to support your desired workload, and then apply Zero Trust principles to those components.

This series of articles helps you apply the principles of Zero Trust to your services in Microsoft Azure using a multi-disciplinary methodology. Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles:

  • Verify explicitly
  • Use least privileged access
  • Assume breach

Implementing the Zero Trust “never trust, always verify” approach requires changes to cloud infrastructure, deployment strategy, and implementation.

These articles show you how to apply Zero Trust approach to these new or already deployed Azure services:

Content architecture

Here is the content architecture for this set of articles that contain the set of platform and workload articles to apply Zero Trust principles to Azure services.

The stack diagram for the set of articles that describe how you apply Zero Trust to Azure services, starting at the bottom of the stack and moving up to the desired workload.

You apply the guidance in the articles in a stack from the bottom up.

Workload Platform set of articles (from the bottom up)
IaaS apps in Amazon Web Services (AWS)
  • Cloud identity infrastructure
  • Microsoft Sentinel and Microsoft Defender XDR
Spoke VNet with Azure IaaS services
  • Cloud identity infrastructure
  • Microsoft Sentinel and Microsoft Defender XDR
  • Hub VNets (traditional) OR Azure Virtual WAN (Microsoft-managed)
  • Storage
Azure Virtual Desktop or virtual machines
  • Cloud identity infrastructure
  • Microsoft Sentinel and Microsoft Defender XDR
  • Hub VNets (traditional) OR Azure Virtual WAN (Microsoft-managed)
  • Storage
  • Spoke VNet with Azure IaaS services

It’s important to note that the guidance in this series of articles is more specific for this type of architecture than the guidance provided in the Cloud Adoption Framework and Azure landing zone architectures. If you have applied the guidance in either of these resources, be sure to also review this series of articles for additional recommendations.

Additional articles for Azure services

Take a look at these additional articles for applying Zero Trust principles to Azure services:

See these additional articles for applying Zero Trust principles to Azure networking:

References

Refer to the links below to learn about the various services and technologies mentioned in this article.

Additional Zero Trust documentation

Use additional Zero Trust content based on a documentation set or the roles in your organization.

Documentation set

Follow this table for the best Zero Trust documentation sets for your needs.

Documentation set Helps you... Roles
Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation. Security architects, IT teams, and project managers
Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas. IT teams and security staff
Zero Trust for small businesses Apply Zero Trust principles to small business customers. Customers and partners working with Microsoft 365 for business
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection. Security architects and IT implementers
Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance Apply Zero Trust protections to your Microsoft 365 tenant. IT teams and security staff
Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots. IT teams and security staff
Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions. Partner developers, IT teams, and security staff
Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application. Application developers

Your role

Follow this table for the best documentation sets for your role in your organization.

Role Documentation set Helps you...
Security architect

IT project manager

IT implementer
Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation.
Member of an IT or security team Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas.
Customer or partner for Microsoft 365 for business Zero Trust for small businesses Apply Zero Trust principles to small business customers.
Security architect

IT implementer
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection.
Member of an IT or security team for Microsoft 365 Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance for Microsoft 365 Apply Zero Trust protections to your Microsoft 365 tenant.
Member of an IT or security team for Microsoft Copilots Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots.
Partner developer or member of an IT or security team Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions.
Application developer Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application.