{"id":91227,"date":"2020-06-15T13:45:23","date_gmt":"2020-06-15T20:45:23","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91227"},"modified":"2023-09-26T08:42:29","modified_gmt":"2023-09-26T15:42:29","slug":"zero-trust-part-1-networking","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/","title":{"rendered":"Zero Trust\u2014Part 1: Networking"},"content":{"rendered":"\n<p>Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no longer rely on this approach. Taking a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust<\/a> approach can help to ensure optimal security without compromising end user application experiences.<\/p>\n\n\n\n<p>Microsoft has a long history of working with customers on how to protect against a broad range of security attacks and we are one of the largest producers of threat intelligence built on the variety of data that flows through our network.<\/p>\n\n\n\n<p>Today, I\u2019d like to share how you can be successful implementing the Zero Trust model by rethinking your network strategy. Here\u2019s a video that will give you a quick overview:<\/p>\n\n\n<figure class=\"wp-block wp-block-embed is-provider-embed-handler wp-block-embed-embed-handler wp-embed-aspect-16-9 wp-has-aspect-ratio wp-block-embed-red-tiger\">\n\t<div\n\t\tclass=\"wp-block-embed-red-tiger__wrapper\"\n\t\tstyle=\"--video-width: 840px;--video-height: 482px\"\n\t>\n\t\t<div class=\"wp-block-embed-red-tiger__iframe-wrapper\">\n\t\t\t<iframe\n\t\t\t\tclass=\"iframe--custom-width\"\n\t\t\t\theight=\"482\"\n\t\t\t\ttitle=\"Embed video from Microsoft.com\"\n\t\t\t\twidth=\"840\"\n\t\t\t\tsrc=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RE4wDEw\"\n\t\t\t\tallow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n\t\t\t\tallowfullscreen\n\t\t\t><\/iframe>\n\t\t<\/div>\n\t<\/div>\n\t<\/figure>\n\n\n\n<p>Over a series of three blogs (of which this is the first), we will take a deeper dive into the aspects of the <strong>Networking<\/strong> pillar in the Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust<\/a> security model. We will go through each of the dimensions listed (<em>network segmentation, threat protection, and encryption<\/em>) and show design patterns and helpful guidance on using Microsoft Azure services to achieve optimality.<\/p>\n\n\n\n<p>As mentioned in our <a href=\"http:\/\/aka.ms\/ztmodel\" target=\"_blank\" rel=\"noopener noreferrer\">Maturity Model paper<\/a>, all data is ultimately accessed over network infrastructure. Networking controls can provide critical \u201cin pipe\u201d controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deep in network micro-segmentation) and real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Maturity model<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"252\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1-1024x252.png\" alt=\"Maturity model.\" class=\"wp-image-91231\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1-1024x252.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1-300x74.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1-768x189.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1-1536x378.png 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-1.png 1804w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>We will go over the first one, <em>network segmentation<\/em>, in this blog. One thing to keep in mind is that while moving straight from the traditional stage to optimal is ideal, most organizations will need to take a phased approach that generally follows along the maturity model journey.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The need for network segmentation<\/h3>\n\n\n\n<p>If you refer to the three core principles (Verify Explicitly, Use Least Privilege Access, and Assume Breach), a Zero Trust approach encourages you to think that a security incident can happen anytime and you are always under attack. One of the things you want to be ready with is a setup that minimizes the blast radius of such an incident\u2014this is where segmenting your network while you design its layout becomes important. In addition, by implementing these software-defined perimeters with increasingly granular controls, you will increase the \u201ccost\u201d to attackers to propagate through your network and thereby dramatically reduce the lateral movement of threats.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Network segmentation in Azure<\/h3>\n\n\n\n<p>When you operate on Azure, you have a wide and diverse set of segmentation controls available to help create isolated environments. Here are the five basic controls that you can use to perform network segmentation in Azure:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"419\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2-1024x419.png\" alt=\"Network segmentation in Azure\" class=\"wp-image-91232\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2-1024x419.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2-300x123.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2-768x315.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2-1536x629.png 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-2.png 1814w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Segmentation patterns<\/h3>\n\n\n\n<p>There are three common segmentation patterns when it comes to organizing your workload in Azure:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Single Virtual Network<\/li><li>Multiple Virtual Networks with peering<\/li><li>Multiple Virtual Networks in hub-and-spoke model<\/li><\/ol>\n\n\n\n<p>Each of these provide a different type of isolation and connectivity. As to which one works best for your organization is a planning decision based on your organization\u2019s needs. Here\u2019s where you can read about <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/architecture\/reference-architectures\/hybrid-networking\/network-level-segmentation\" target=\"_blank\" rel=\"noopener noreferrer\">Segmenting Virtual Networks<\/a> in more detail and learn how each of these models can be done using Azure Networking services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The internet boundary<\/h3>\n\n\n\n<p>Whether you are building a modern application in the cloud or you just migrated a set of applications to Azure, most applications require some ability to send and receive data to\/from the public internet. Any time you expose a resource to a network you increase threat risk, and with internet exposure this is further compounded by a large set of possible threats.<\/p>\n\n\n\n<p>The recommended approach in Azure is to use <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/ddos-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure DDoS Protection Service<\/a>, <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-firewall\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Firewall<\/a>, and <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/web-application-firewall\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Web Application Firewall<\/a> to provide comprehensive threat protection. This setup of having an internet boundary using these services is important in a segmentation architecture since it essentially segments your application stack away from the internet while providing carefully inspected traffic to\/from it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The datacenter or on-premises network boundary<\/h3>\n\n\n\n<p>In addition to internet connectivity, your application stack on Azure might need connectivity back to your IT footprint in your on-premises datacenter(s) and\/or other public clouds. You have multiple options to achieve that: you can choose to have direct connectivity using <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/expressroute\/\" target=\"_blank\" rel=\"noopener noreferrer\">Express Route<\/a>, use our <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/vpn-gateway\/\" target=\"_blank\" rel=\"noopener noreferrer\">VPN Gateway<\/a>, or have a more unified distributed connectivity experience using <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/virtual-wan\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Virtual WAN<\/a>. The same concept of segmenting away your application stack applies here, so that any threats that might affect your datacenter or on-premises network will have a harder time propagating to your cloud platform (and vice-versa).<strong>&nbsp;<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The PaaS services boundary<\/h3>\n\n\n\n<p>As with most modern applications, chances are that your application will be using one of the many platform-as-a-service (PaaS) offerings available on Azure. Some examples of PaaS services you may want your application to call into include <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/storage\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Storage<\/a>, <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/sql-database\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure SQL Database<\/a>, and <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/key-vault\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure KeyVault<\/a>. These are segmented away from your workload in an Azure virtual network since they run as a separate service built and operated by Azure.<\/p>\n\n\n\n<p>On top of this built-in segmentation of PaaS services, Azure also makes it possible for you to do all your interactions with these services in the private address space using <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/private-link\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure PrivateLink<\/a>. This connectivity capability ensures that all your interactions with PrivateLink-enabled PaaS services are done securely and all data exchanged remains in the Microsoft Network.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"743\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-3-1024x743.png\" alt=\"The PaaS services boundary.\" class=\"wp-image-91233\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-3-1024x743.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-3-300x218.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-3-768x557.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/Zero-Trust-Network-3.png 1357w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">In closing<\/h3>\n\n\n\n<p>Networking represents a great opportunity to make meaningful headway in your <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust<\/a> journey. Your Zero Trust efforts will not only help your security posture, but most efforts will also help you modernize your environment and improve organizational productivity. In this blog, we discussed how you can use networking services from Azure to build three types of segmentation patterns. In future blogs, we will dive deeper into how you can do the same for threat protection and encryption, the other two dimensions in the networking pillar described in our <a href=\"https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2109181\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust vision paper<\/a>. In the meantime, we also invite you to <a href=\"https:\/\/myignite.techcommunity.microsoft.com\/sessions\/81969?source=sessions\" target=\"_blank\" rel=\"noopener noreferrer\">watch our Ignite session<\/a> to get additional information about network security offerings from Azure.<\/p>\n\n\n\n<p>Make sure to check out the other deployment guides in the series by following the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security blog<\/a>. For more information on Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>. Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.<\/p>\n","protected":false},"author":96,"featured_media":91229,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3679,3689],"products":[],"threat-intelligence":[],"tags":[3742,3822],"coauthors":[2183],"class_list":["post-91227","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-network-security","topic-zero-trust","tag-azure","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Zero Trust\u2014Part 1: Networking | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zero Trust\u2014Part 1: Networking\" \/>\n<meta property=\"og:description\" content=\"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-15T20:45:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-26T15:42:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sinead O&#039;Donovan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Zero Trust\u2014Part 1: Networking\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sinead O&#039;Donovan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/sinead-odonovan\/\",\"@type\":\"Person\",\"@name\":\"Sinead O'Donovan\"}],\"headline\":\"Zero Trust\u2014Part 1: Networking\",\"datePublished\":\"2020-06-15T20:45:23+00:00\",\"dateModified\":\"2023-09-26T15:42:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\"},\"wordCount\":1088,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\",\"keywords\":[\"Azure\",\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\",\"name\":\"Zero Trust\u2014Part 1: Networking | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\",\"datePublished\":\"2020-06-15T20:45:23+00:00\",\"dateModified\":\"2023-09-26T15:42:29+00:00\",\"description\":\"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png\",\"width\":1200,\"height\":630,\"caption\":\"Male developer working remotely from a caf\u00e9.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zero Trust\u2014Part 1: Networking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zero Trust\u2014Part 1: Networking | Microsoft Security Blog","description":"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/","og_locale":"en_US","og_type":"article","og_title":"Zero Trust\u2014Part 1: Networking","og_description":"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/","og_site_name":"Microsoft Security Blog","article_published_time":"2020-06-15T20:45:23+00:00","article_modified_time":"2023-09-26T15:42:29+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","type":"image\/png"}],"author":"Sinead O'Donovan","twitter_card":"summary_large_image","twitter_title":"Zero Trust\u2014Part 1: Networking","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","twitter_misc":{"Written by":"Sinead O'Donovan","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/sinead-odonovan\/","@type":"Person","@name":"Sinead O'Donovan"}],"headline":"Zero Trust\u2014Part 1: Networking","datePublished":"2020-06-15T20:45:23+00:00","dateModified":"2023-09-26T15:42:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/"},"wordCount":1088,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","keywords":["Azure","Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/","name":"Zero Trust\u2014Part 1: Networking | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","datePublished":"2020-06-15T20:45:23+00:00","dateModified":"2023-09-26T15:42:29+00:00","description":"Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/06\/CLO20b_Avery_Alain_Jean_Cafe_001-BANNER.png","width":1200,"height":630,"caption":"Male developer working remotely from a caf\u00e9."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/06\/15\/zero-trust-part-1-networking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Zero Trust\u2014Part 1: Networking"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/91227"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=91227"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/91227\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/91229"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=91227"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=91227"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=91227"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=91227"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=91227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=91227"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=91227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}