{"id":5339,"date":"2024-04-03T06:59:49","date_gmt":"2024-04-03T13:59:49","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=5339"},"modified":"2024-04-03T07:34:39","modified_gmt":"2024-04-03T14:34:39","slug":"using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/","title":{"rendered":"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"122\" class=\"size-medium wp-image-7436 alignright\" style=\"margin-top: 0px;\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-stories-300x122.png\" alt=\"Microsoft Digital stories\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-stories-300x122.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-stories.png 400w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><em>[Editor\u2019s note: This content was written to highlight a particular event or moment in time. Although that moment has passed, we\u2019re republishing it here so you can see what our thinking and experience was like at the time.]<\/em><\/p>\n<p>Microsoft\u2019s cloud-first strategy enables most Microsoft employees to directly access applications and services via the internet, but remote workers still use the company\u2019s virtual private network (VPN) to access some corporate resources and applications when they\u2019re outside of the office.<\/p>\n<p>This became increasingly apparent when Microsoft prepared for its employees to work remotely in response to the global pandemic. VPN usage increased by 70 percent, which coincides with the significant spike in users working from home daily.<\/p>\n<p>So then, how is Microsoft ensuring that its employees can securely access the applications they need?<\/p>\n<p>With split tunneling and a Zero Trust security strategy.<\/p>\n<p>As part of the company\u2019s Zero Trust security strategy, employees in Microsoft Digital Employee Experience (MDEE) redesigned the VPN infrastructure by adopting a split-tunneled configuration that further enables the company\u2019s workloads moving to the cloud.<\/p>\n<p>\u201cAdopting split tunneling has ensured that Microsoft employees can access core applications over the internet using Microsoft Azure and Microsoft Office 365,\u201d says Steve Means, a principal cloud network engineering manager in MDEE. \u201cThis takes pressure off the VPN and gives employees more bandwidth to do their job securely.\u201d<\/p>\n<p>Eighty percent of remote working traffic flows to cloud endpoints where split tunneling is enabled, but the rest of the work that employees do remotely\u2014which needs to be locked down on the corporate network\u2014still goes through the company\u2019s VPN.<\/p>\n<p>\u201cWe need to make sure our VPN infrastructure has the same level of corporate network security as applications in the cloud,\u201d says Carmichael Patton, a principal security architect on Microsoft\u2019s Digital Security and Resilience team. \u201cWe\u2019re applying the same Zero Trust principles to our VPN traffic, by applying conditional access to each connection.\u201d<\/p>\n<p><em>[<\/em><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/enhancing-remote-access-in-windows-10-with-an-automatic-vpn-profile?elevate-wr\"><em>Learn how Microsoft rebuilt its VPN infrastructure.<\/em><\/a> <a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/transitioning-to-modern-access-architecture-with-zero-trust\"><em>Learn how Microsoft transitioned to modern access architecture with Zero Trust.<\/em><\/a> <a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/microsofts-approach-to-zero-trust-networking-and-supporting-azure-technologies\"><em>Read how Microsoft is approaching Zero Trust Networking.<\/em><\/a><em>]<\/em><br \/>\n<iframe title=\"Enabling remote work: Our remote infrastructure design and Zero Trust\" src=\"https:\/\/www.youtube.com\/embed\/bleFoL0NkVM\" aria-labelledby=\"Enabling remote work: Our remote infrastructure design and Zero Trust\"><\/iframe><span style=\"font-size: 10pt;\">For a transcript, please view the video on YouTube: <a href=\"https:\/\/www.youtube.com\/watch?v=bleFoL0NkVM\" target=\"_blank\" rel=\"noopener\">https:\/\/www.youtube.com\/watch?v=bleFoL0NkVM<\/a>, select the &#8220;More actions&#8221; button (three dots icon) below the video, and then select &#8220;Show transcript.&#8221;<\/span><\/p>\n<div style=\"margin-top: -5px;\"><em>Experts from Microsoft Digital answer frequently asked questions around how VPN, modern device management, and Zero Trust come together to deliver a world class remote work platform.<\/em><\/div>\n<h2>Securing remote workers with device management and conditional access<\/h2>\n<p>Moving most of the work that employees require to the cloud only became possible after the company adopted modern security controls that focus on securing devices.<\/p>\n<p>\u201cWe no longer rely solely on the network to manage firewalls,\u201d Patton says. \u201cInstead, each application that an employee uses enforces its own security management\u2014this means employees can only use an app after it verifies the health of their device.\u201d<\/p>\n<p>To support this transformed approach to security, Microsoft adopted a <a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/implementing-a-zero-trust-security-model-at-microsoft\">Zero Trust security model<\/a>, which manages risk and secures working remotely by managing the device an employee uses.<\/p>\n<p>\u201cBefore an employee can access an application, they must enroll their device, have relevant security policies, and have their device health validated,\u201d Patton says. \u201cThis ensures that only registered devices that comply with company security policies can access corporate resources, which reduces the risk of malware and intruders.\u201d<\/p>\n<p>The team also recommends using a dynamic and scalable authentication mechanism, like <a href=\"https:\/\/docs.microsoft.com\/azure\/active-directory\/fundamentals\/active-directory-whatis\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Active Directory<\/a>, to avoid the trouble of certificates.<\/p>\n<p>While most employees rely on our standard VPN infrastructure, Microsoft has specific scenarios that call for additional security when accessing company infrastructure or sensitive data. This is the case for MDEE employees in owner and contributor roles that are configured on a Microsoft Azure subscription as well as employees who make changes to customer-facing production services and systems like firewalls and network gear. To access corporate resources, these employees use <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/identity\/securing-privileged-access\/privileged-access-workstations\" target=\"_blank\" rel=\"noopener noreferrer\">Privileged Access Workstations<\/a>, a dedicated operating system for sensitive tasks, to access a highly secure VPN infrastructure.<\/p>\n<p>Phil Suver, a principal PM manager in MDEE, says working remotely during the global pandemic gives employees a sense of what the Zero Trust experience will be like when they return to the office.<\/p>\n<p>\u201cHardened local area networks that previously accessed internal applications are a model of the past,\u201d Suver says. \u201cWe see split tunneling as a gateway to prepare our workforce for our Zero Trust Networking posture, where user devices are highly protected from vulnerability and employees use the internet for their predominant workload.\u201d<\/p>\n<p>It\u2019s also important to review your VPN structure for updates.<\/p>\n<p>\u201cWhen evaluating your VPN configuration, identify the highest compliance risks to your organization and make them the priority for controls, policies, and procedures,\u201d Patton says. \u201cUnderstand the security controls you give up by not flowing the connections through your internal infrastructure. Then, look at the controls you\u2019re able to extend to the clients themselves, and find the right balance of risk and productivity that fits your organization.\u201d<\/p>\n<h2>Keeping your devices up-to-date with split tunneling<\/h2>\n<p>Enterprises can also optimize patching and manage update compliance using services like <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/microsoft-endpoint-manager\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Endpoint Manager<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/enterprise-mobility-security\/microsoft-intune\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Intune<\/a>, and <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/deployment\/update\/waas-manage-updates-wufb\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Update for Business<\/a>. At Microsoft, a split-tunneled VPN configuration allows these services to keep devices current without requiring a VPN tunnel to do it.<\/p>\n<p>\u201cWith a split-tunneled configuration, update traffic comes through the internet,\u201d says Mike Carlson, a principal service engineering manager in MDEE. \u201cThis improves the user experience for employees by freeing up VPN bandwidth during patch and release cycles.\u201d<\/p>\n<p>At Microsoft, device updates fall into two categories: feature updates and quality updates. Feature updates occur every six months and encompass new operating system features, functionality, and major bug fixes. In contrast, monthly quality updates include security and reliability updates as well as small bug fixes. To balance both user experience and security, Microsoft\u2019s current configuration of Windows Update for Business prompts Microsoft employees to update within 48 hours for quality updates and 7 days for feature updates.<\/p>\n<p>\u201cNot only can Windows Update for Business isolate update traffic from the VPN connection, but it can also provide better compliance management by using the deadline feature to adjust the timing of quality and feature updates,\u201d Carlson says. \u201cWe can quickly drive compliance and have more time to focus on employees that may need additional support.\u201d<\/p>\n<h2>Evaluating your VPN configuration<\/h2>\n<p>When your enterprise evaluates which VPN configuration works best for your company and users, you must evaluate their workflows.<\/p>\n<p>\u201cSome companies may need a full tunnel configuration, and others might want something cloud-based,\u201d Means says. \u201cIf you\u2019re a Microsoft customer, you can work with your sales team to request a customer engagement with a Microsoft expert to better understand our implementation and whether it would work for your enterprise.\u201d<\/p>\n<p>Means also said that it\u2019s important to assess the legal requirements of the countries you operate in, which is done at Microsoft using <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/traffic-manager\/traffic-manager-overview\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Traffic Manager<\/a>. For example, split tunneling may not be the right configuration for countries with tighter controls over how traffic flows within and beyond their borders.<\/p>\n<p>Suver also emphasized the importance of understanding the persona of your workforce, suggesting you should assess the workloads they may need to use remotely and their bandwidth capacity. You should also consider the maximum number of concurrent connections your VPN infrastructure supports and think through potential seasonal disruptions.<\/p>\n<p>\u201cEnsure that you\u2019ve built for a snow day or a pandemic of a global nature,\u201d Suver says. \u201cWe\u2019ve had to send thousands of customer support agents to work from home. Typically, they didn\u2019t use VPN to have voice conversations with customers. Because we sized and distributed our infrastructure for a global workforce, we were able to quickly adapt to the dramatic shift in workloads that have come from our employees working from home during the pandemic. Anticipate some of the changes in workflow that might occur, and test for those conditions.\u201d<\/p>\n<p>It\u2019s also important to collect user connection and traffic data in a central location for your VPN infrastructure, to use modern visualization services like <a href=\"https:\/\/powerbi.microsoft.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Power BI<\/a> to identify hot spots before they happen, and to plan for growth.<\/p>\n<p>Means\u2019s biggest piece of advice?<\/p>\n<p>Focus on what your enterprise needs and go from there.<\/p>\n<p>\u201cIdentify what you want to access and what you want to protect,\u201d he says. \u201cThen build to that model.\u201d<\/p>\n<h2>Tips for retooling VPN at your company<\/h2>\n<p>Azure offers a native, highly-scalable VPN gateway, and the most common third-party VPN and Software-Defined Wide Area Network virtual appliances in the <a href=\"https:\/\/azuremarketplace.microsoft.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Marketplace<\/a>.<\/p>\n<p>For more information on these and other Azure and Office network optimizing practices, please see:<\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/enterprise\/office-365-network-connectivity-principles\" target=\"_blank\" rel=\"noopener noreferrer\">Office Connectivity Principles<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/microsoftteams\/upgrade-prepare-environment-prepare-network\" target=\"_blank\" rel=\"noopener noreferrer\">Network considerations for Teams<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/vpn-gateway\/openvpn-azure-ad-client\" target=\"_blank\" rel=\"noopener noreferrer\">Azure OpenVPN client<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/azure\/vpn-gateway\/vpn-gateway-about-vpngateways\" target=\"_blank\" rel=\"noopener noreferrer\">Azure VPN Gateways<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/azure\/vpn-gateway\/point-to-site-about\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Point-to-site VPN<\/a><\/li>\n<li><a href=\"https:\/\/azuremarketplace.microsoft.com\/en-us\/marketplace\/apps\/category\/networking?filters=partners&amp;page=1&amp;search=vpn\" target=\"_blank\" rel=\"noopener noreferrer\">VPN Network Virtual Appliances in the Azure Marketplace<\/a><\/li>\n<li>Publishing web applications using <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/application-proxy\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Active Directory\u2019s Application Proxy<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/enterprise\/office-365-vpn-implement-split-tunnel#howto-guides-for-common-vpn-platforms\" target=\"_blank\" rel=\"noopener noreferrer\">VPN split tunneling for Office 365<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/enterprise\/office-365-vpn-implement-split-tunnel#howto-guides-for-common-vpn-platforms\" target=\"_blank\" rel=\"noopener noreferrer\">How-to guides for common VPN platforms<\/a><\/li>\n<li><a href=\"https:\/\/aka.ms\/NetUpdate\" target=\"_blank\" rel=\"noopener noreferrer\">Updates for improving work-from-home employee access<\/a><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"81\" class=\"alignnone size-medium wp-image-7482\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png\" alt=\"Related links\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png 500w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/26\/alternative-security-professionals-it-achieve-modern-security-controls-todays-unique-remote-work-scenarios\/\" target=\"_blank\" rel=\"noopener noreferrer\">Here are some alternative ways for security professionals and IT to achieve modern security controls in remote work scenarios.<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/security\/blog\/secure-remote-work\/\" target=\"_blank\" rel=\"noopener noreferrer\">Check our best practices and guidelines for security professionals on how to work remotely and stay secure.<\/a><\/li>\n<\/ul>\n<p>Here are additional resources to learn more about how Microsoft applies networking best practices and supports a Zero Trust security strategy:<\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/enhancing-remote-access-in-windows-10-with-an-automatic-vpn-profile?elevate-wr\">Learn how Microsoft rebuilt its VPN infrastructure.<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/transitioning-to-modern-access-architecture-with-zero-trust\">Learn how Microsoft transitioned to modern access architecture with Zero Trust.<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/microsofts-approach-to-zero-trust-networking-and-supporting-azure-technologies\">Read how Microsoft is approaching Zero Trust Networking.<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>[Editor\u2019s note: This content was written to highlight a particular event or moment in time. Although that moment has passed, we\u2019re republishing it here so you can see what our thinking and experience was like at the time.] Microsoft\u2019s cloud-first strategy enables most Microsoft employees to directly access applications and services via the internet, but [&hellip;]<\/p>\n","protected":false},"author":64,"featured_media":5344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[161,361,383,407,239,319,444,445,430,300,419],"coauthors":[213],"class_list":["post-5339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-azure-active-directory","tag-azure-identity-and-security","tag-azure-networking","tag-enterprise-mobility-and-security","tag-network","tag-office","tag-patching","tag-remote-work","tag-vpn","tag-windows","tag-zero-trust","program-ms-digital-stories","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-03T13:59:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-03T14:34:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"1321\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Aleenah Ansari\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/aleenah_ansari\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Aleenah Ansari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\",\"name\":\"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg\",\"datePublished\":\"2024-04-03T13:59:49+00:00\",\"dateModified\":\"2024-04-03T14:34:39+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/3628ba30cb586f29b7f552d9c2099ad2\"},\"description\":\"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg\",\"width\":2100,\"height\":1321,\"caption\":\"Steve Means (left), Carmichael Patton (top right), and Phil Suver (bottom right) are in regular conversation about how they can secure remote workers by applying a Zero Trust security model. (Photo by Aleenah Ansari | Inside Track)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/3628ba30cb586f29b7f552d9c2099ad2\",\"name\":\"Aleenah Ansari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/e195b01ea06c2b9018fa51d79cc4d3e2\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6e391b49ab7d74433ed29d5b0a20ebc6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6e391b49ab7d74433ed29d5b0a20ebc6?s=96&d=mm&r=g\",\"caption\":\"Aleenah Ansari\"},\"description\":\"My name is Aleenah Ansari (she\/her), and I\u2019m equal parts storyteller, creative problem solver, and journalist at heart who\u2019s rooted in the stories of people behind code and user interfaces. As a writer for Microsoft Inside Track, I tell stories about the experts who build, deploy, and manage the tools used by 165,000+ employees at Microsoft. My stories cover everything from Microsoft\u2019s security training, underwater center, and internal data catalog to the Yammer community used by visa-dependent employees.\",\"sameAs\":[\"https:\/\/www.aleenahansari.com\/\",\"https:\/\/www.linkedin.com\/in\/aleenah-ansari\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/aleenah_ansari\"],\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/aansari\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog","description":"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/","og_locale":"en_US","og_type":"article","og_title":"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog","og_description":"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/","og_site_name":"Inside Track Blog","article_published_time":"2024-04-03T13:59:49+00:00","article_modified_time":"2024-04-03T14:34:39+00:00","og_image":[{"width":2100,"height":1321,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg","type":"image\/jpeg"}],"author":"Aleenah Ansari","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/aleenah_ansari","twitter_misc":{"Written by":"Aleenah Ansari","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/","name":"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg","datePublished":"2024-04-03T13:59:49+00:00","dateModified":"2024-04-03T14:34:39+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/3628ba30cb586f29b7f552d9c2099ad2"},"description":"Microsoft adopted a split-tunneled configuration for its VPN platform, which allows employees to quickly access resources and applications that are in the cloud while working remotely. The company is applying a Zero Trust security strategy to VPN traffic, which ensures security controls are in place to access corporate resources.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg","width":2100,"height":1321,"caption":"Steve Means (left), Carmichael Patton (top right), and Phil Suver (bottom right) are in regular conversation about how they can secure remote workers by applying a Zero Trust security model. (Photo by Aleenah Ansari | Inside Track)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Using a Zero Trust strategy to secure Microsoft\u2019s network during remote work"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/3628ba30cb586f29b7f552d9c2099ad2","name":"Aleenah Ansari","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/e195b01ea06c2b9018fa51d79cc4d3e2","url":"https:\/\/secure.gravatar.com\/avatar\/6e391b49ab7d74433ed29d5b0a20ebc6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6e391b49ab7d74433ed29d5b0a20ebc6?s=96&d=mm&r=g","caption":"Aleenah Ansari"},"description":"My name is Aleenah Ansari (she\/her), and I\u2019m equal parts storyteller, creative problem solver, and journalist at heart who\u2019s rooted in the stories of people behind code and user interfaces. As a writer for Microsoft Inside Track, I tell stories about the experts who build, deploy, and manage the tools used by 165,000+ employees at Microsoft. My stories cover everything from Microsoft\u2019s security training, underwater center, and internal data catalog to the Yammer community used by visa-dependent employees.","sameAs":["https:\/\/www.aleenahansari.com\/","https:\/\/www.linkedin.com\/in\/aleenah-ansari\/","https:\/\/x.com\/https:\/\/twitter.com\/aleenah_ansari"],"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/aansari\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/04\/10018_wordpress-hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-1o7","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5339"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/64"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=5339"}],"version-history":[{"count":16,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5339\/revisions"}],"predecessor-version":[{"id":13933,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5339\/revisions\/13933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/5344"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=5339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=5339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=5339"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=5339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}