{"id":5991,"date":"2023-07-18T12:31:58","date_gmt":"2023-07-18T19:31:58","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=5991"},"modified":"2023-10-10T13:41:48","modified_gmt":"2023-10-10T20:41:48","slug":"microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/","title":{"rendered":"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"134\" class=\"alignright size-medium wp-image-7562\" style=\"margin-top: 0px;\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/11\/Microsoft-Digital-QA-300x134.png\" alt=\"Microsoft Digital Q&amp;A\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/11\/Microsoft-Digital-QA-300x134.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/11\/Microsoft-Digital-QA.png 400w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Our internal digital security team at Microsoft spends a fair amount of time talking to enterprise customers who face similar challenges when it comes to managing and securing a globally complex enterprise using a <a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/implementing-a-zero-trust-security-model-at-microsoft\">Zero Trust security model<\/a>. While every organization is unique, and Zero Trust isn\u2019t a \u201cone size fits all\u201d approach, nearly every CIO, CTO, or CISO that we talk to is curious to learn more about our best practices.<\/p>\n<p>We thought it would be useful to share our answers to the Top 10 Zero Trust questions from customers across the globe.<\/p>\n<blockquote class=\"quote-body\"><p>It\u2019s surprising to us how many companies haven\u2019t embraced multifactor authentication. It\u2019s the first step we took on our Zero Trust journey.<\/p>\n<p class=\"source\">&#8211; Mark Skorupa, principal program manager<\/p>\n<\/blockquote>\n<p><strong>If you had to pick, what are your top three Zero Trust best practices?<\/strong><\/p>\n<p>Microsoft\u2019s approach to Zero Trust means we don\u2019t assume any identity or device on our corporate network is secure, we continually verify it.<\/p>\n<p>With that as context, our top three practices revolve around the following:<\/p>\n<ul>\n<li><strong>Identities are secure using multifactor authentication (MFA)<\/strong>: It\u2019s surprising to us how many companies haven\u2019t embraced multifactor authentication. It\u2019s the first step we took on our Zero Trust journey. Regardless of what solution you decide to implement, adding a second identity check into the process makes it significantly more difficult for bad actors to leverage a compromised identity over just passwords alone.<\/li>\n<li><strong>Device(s) are healthy<\/strong>: It\u2019s been crucial that Microsoft can provide employees secure and productive ways to work no matter what device they\u2019re using or where they\u2019re working, especially during remote or hybrid work. However, any devices that access corporate resources must be\u202fmanaged\u202fby Microsoft and they must be healthy, meaning, they are running the latest software updates and antivirus software.<\/li>\n<li><strong>Telemetry is pervasive<\/strong>: The health of all services and applications must be monitored to ensure proper operation and compliance and enable rapid response when those conditions are not met. Before granting access to corporate resources, identities and devices are continually verified to be secure and compliant. We monitor telemetry looking for signals to identify anomalous patterns. We use telemetry to measure risk reduction and understand the user experience.<\/li>\n<\/ul>\n<p><iframe title=\"Highlights from Ignite 2020: Implementing a Zero Trust security model at Microsoft\" src=\"https:\/\/www.youtube.com\/embed\/TOrbiC8DGPE\" aria-labelledby=\"Highlights from Ignite 2020: Implementing a Zero Trust security model at Microsoft\"><\/iframe><span style=\"font-size: 10pt;\">For a transcript, please view the video on YouTube: <a href=\"https:\/\/www.youtube.com\/watch?v=TOrbiC8DGPE\" target=\"_blank\" rel=\"noopener\">https:\/\/www.youtube.com\/watch?v=TOrbiC8DGPE<\/a>, select the &#8220;More actions&#8221; button (three dots icon) below the video, and then select &#8220;Show transcript.&#8221;<\/span><\/p>\n<div style=\"margin-top: -5px;\"><em>At Ignite 2020, experts on Microsoft\u2019s digital security team share their lessons learned from implementing a Zero Trust security model at the company.<\/em><\/div>\n<p><strong>Does Microsoft require Microsoft Intune enrollment on all personal devices? Can employees use their personal laptops or devices to access corporate resources?<\/strong>For employees who want access to Microsoft corporate resources from a personal device, we require that devices be enrolled in Microsoft Intune. If they don\u2019t want to enroll their personal device, that\u2019s perfectly fine. They can access corporate resources through the following alternative options:<\/p>\n<ul class=\"c-list\">\n<li>Windows Virtual Desktop allows employees and contingent staff to use a virtual remote desktop to access corporate resources like Microsoft SharePoint or Microsoft Teams from any device.<\/li>\n<li>Employees can use Outlook on the web to access their Microsoft Outlook email account from the internet.<\/li>\n<\/ul>\n<p><strong>How does Microsoft onboard its Internet of Things (IoT) devices under the Zero Trust approach?<\/strong><\/p>\n<p>IoT is a challenge both for customers and for us.<\/p>\n<p>Internally, Microsoft is working to automate how we secure IoT devices using Zero Trust. In June, the company announced the acquisition of CyberX, which will complement existing Microsoft Azure IoT security capabilities.<\/p>\n<p>We segment our network and isolate IoT devices based on categories, including high-risk devices (such as printers); legacy devices (like digital coffee machines) that may lack the security controls required; and modern devices (such as smart personal assistant devices like an Amazon Echo) with security controls that meet our standards.<\/p>\n<p><strong>How is Microsoft moving away from VPN?<\/strong><\/p>\n<p>We\u2019ve made good progress in moving away from VPN by migrating legacy, on-premises applications to cloud-based applications. That said, we still have more work to do before we can eliminate VPN for most employees. With the growing need to support remote work, we moved quickly to <a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-a-zero-trust-strategy-to-secure-microsofts-network-during-remote-work\/\">redesign Microsoft\u2019s VPN infrastructure by adopting a split-tunneled configuration<\/a> where traffic is directly routed to the applications available in the cloud and through VPN for any legacy applications. The more legacy applications we make available directly from the internet, the less we need VPN.<\/p>\n<p><strong>How do you manage potential data loss?<\/strong><\/p>\n<p>Everyone at Microsoft is responsible for protecting data, and we have specific scenarios that call for additional security when accessing sensitive data. For example, when an employee needs to make changes to customer-facing production systems like firewalls, they use privileged access workstations, a dedicated operating system for sensitive tasks.<\/p>\n<p>Our employees also use features in <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/information-protection?view=o365-worldwide\">Microsoft Information Protection<\/a>, like the sensitivity button in Microsoft 365 applications to tag and classify documents. Depending on the classification level\u2014even if a document moves out of our environment\u2014it can only be opened by someone that was originally provided access.<\/p>\n<p><strong>How can Zero Trust be used to isolate devices on the network to further reduce an attack surface?<\/strong><\/p>\n<p>The origins of Zero Trust were focused on micro-segmentation of the network. While Microsoft\u2019s focus extends beyond the physical network and controlling assets regardless of connectivity or location, there is still a strong need for implementing network segmentation within your physical network.<\/p>\n<p>We currently have segmented our network into the configuration shown in the following diagram, and we\u2019re evaluating future segments as the need arises. For more details on our Zero Trust strategy around networking, check out <a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fitshowcase%2Fmicrosofts-approach-to-zero-trust-networking-and-supporting-azure-technologies&amp;data=04%7C01%7Cjring%40microsoft.com%7Cdb0ea4effaf3486e8cc408d875437c89%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637388280002835949%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=G2KHDMcHqZmxSr2iaFoulEYB%2Fq%2B3mU2r1NFJRf62ZrM%3D&amp;reserved=0\">Microsoft\u2019s approach to Zero Trust Networking and supporting Azure technologies<\/a>.<\/p>\n<figure id=\"attachment_5996\" aria-describedby=\"caption-attachment-5996\" style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5996 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_graphic.png\" alt=\"A diagram of Microsoft policy-based segmentation, which is broken into differentiated devices, identities, and workloads.\" width=\"1200\" height=\"706\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_graphic.png 1200w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_graphic-300x177.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_graphic-1024x602.png 1024w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_graphic-768x452.png 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-5996\" class=\"wp-caption-text\"><em>Network segmentation is used to isolate certain devices, data, or services from other resources that have direct access.<\/em><\/figcaption><\/figure>\n<p><strong>How do you apply Zero Trust to a workstation where the user is a local admin on the device?<\/strong><\/p>\n<p>For us, it doesn\u2019t matter what the device or workstation is, or the type of account used\u2014any device that is looking for access to corporate resources needs to be enrolled and managed by Microsoft Intune, our device management service. That said, our long-term vision is to build an environment where standard user accounts have the permission levels to be just as productive as local admin accounts.<\/p>\n<p><strong>How important is it to have Microsoft Azure AD (AAD), even if we have Active Directory (AD) on-premises, for Zero Trust to work in the cloud? Can on-premises Active Directory alone work to implement Zero Trust if we install Microsoft Monitoring Agent (MMA) to it?<\/strong><\/p>\n<p>Because Microsoft has shifted most of our security infrastructure to the Microsoft Azure cloud, using Microsoft Azure AD Conditional Access is a necessity for us. It helps automate the process and determine which identities and devices are healthy and secure, which then enforces the health of those devices.<\/p>\n<p>Using MMA would get you to some level of parity, but you wouldn\u2019t be able to automate device enforcement. Our recommendation is to create an AAD instance as a replica of your on-premises AD. This allows you to continue using your on-premises AD as the master but still leverage AAD to implement some of the advanced Zero Trust protections.<\/p>\n<p><strong>How do you deal with Zero Trust for guest access scenarios?<\/strong><\/p>\n<p>When allowing guests to connect to resources or view documents, we use a least-privileged access model. Documents tagged as public are readily accessible, but items tagged as confidential or higher require the user to authenticate and receive a token to open the documents.<\/p>\n<p>We also tag resources like Microsoft SharePoint or Microsoft Teams locations that block guest access capabilities. Regarding network access, we provide a guest wireless service set identifier (SSID) for the guest to connect to which are isolated with internet only access. Finally, all guest accounts are required to meet our MFA requirements prior to granting access.<\/p>\n<blockquote class=\"quote-body\"><p>We hope this guidance is helpful to you no matter what stage of the Zero Trust journey you\u2019re on. As we look to 2021, the key lesson is to have empathy. Understanding where an employee is coming from and being transparent with them about why a policy is shifting or how it may impact them is critical.<\/p>\n<p class=\"source\">&#8211; Mark Skorupa, principal program manager<\/p>\n<\/blockquote>\n<p><strong>What\u2019s your Zero Trust priority for 2021?<\/strong><\/p>\n<p>We\u2019re modernizing legacy and on-premises apps to be available directly from the internet. Making these available, even apps with legacy authentication requirements, allows our device management service to apply conditional access, which enforces verification of identities and ensures devices are healthy.<\/p>\n<p>We hope this guidance is helpful to you no matter what stage of the Zero Trust journey you\u2019re on. As we look to the rest of 2021, our team continues to come back to is the importance of empathy. Understanding where an employee is coming from and being transparent with them about why a policy is shifting or how it may impact them is critical.<\/p>\n<p>Microsoft wasn\u2019t born in the cloud either, so many of the digital security shifts we\u2019re making by taking a Zero Trust approach aren\u2019t familiar to our employees or can be met with hesitancy. We take ringed approaches to everything we roll out, which enables us to pilot, test, and iterate on our solutions based on feedback.<\/p>\n<p>Leading with empathy keeps us focused on making sure employees are productive and efficient, and that they can be stewards of security here at Microsoft and with our customers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"81\" class=\"alignnone size-medium wp-image-7482\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png\" alt=\"Related links\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png 500w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/itshowcase\/implementing-a-zero-trust-security-model-at-microsoft\">Read this article about how Microsoft is adopting a Zero Trust security model to secure corporate and customer data.<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Our internal digital security team at Microsoft spends a fair amount of time talking to enterprise customers who face similar challenges when it comes to managing and securing a globally complex enterprise using a Zero Trust security model. While every organization is unique, and Zero Trust isn\u2019t a \u201cone size fits all\u201d approach, nearly every [&hellip;]<\/p>\n","protected":false},"author":90,"featured_media":5994,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[161,361,261,327,540,407,539,422,239,95,419],"coauthors":[538],"class_list":["post-5991","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-azure-active-directory","tag-azure-identity-and-security","tag-azure-iot","tag-azure-management","tag-conditional-access","tag-enterprise-mobility-and-security","tag-enterprise-security","tag-multi-factor-authentication","tag-network","tag-security","tag-zero-trust","program-microsoft-digital-qa","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Microsoft&#039;s internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Microsoft&#039;s internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-18T19:31:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-10T20:41:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2300\" \/>\n\t<meta property=\"og:image:height\" content=\"1294\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Skorupa\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Skorupa\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/\",\"name\":\"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg\",\"datePublished\":\"2023-07-18T19:31:58+00:00\",\"dateModified\":\"2023-10-10T20:41:48+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/ebc2cbca0b397c58848636b8de35063c\"},\"description\":\"Microsoft's internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg\",\"width\":2300,\"height\":1294,\"caption\":\"Mark Skorupa, a principal program manager on the digital security team at Microsoft, has been supporting Microsoft\u2019s Zero Trust security model. (Photo submitted by Mark Skorupa)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/ebc2cbca0b397c58848636b8de35063c\",\"name\":\"Mark Skorupa\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/8f214f2a1dc387e7bf3a2d43613889fb\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/602104a2473a27daf7f22a4d7ee748b8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/602104a2473a27daf7f22a4d7ee748b8?s=96&d=mm&r=g\",\"caption\":\"Mark Skorupa\"},\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/marksk\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog","description":"Microsoft's internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog","og_description":"Microsoft's internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/","og_site_name":"Inside Track Blog","article_published_time":"2023-07-18T19:31:58+00:00","article_modified_time":"2023-10-10T20:41:48+00:00","og_image":[{"width":2300,"height":1294,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg","type":"image\/jpeg"}],"author":"Mark Skorupa","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mark Skorupa","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/","name":"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg","datePublished":"2023-07-18T19:31:58+00:00","dateModified":"2023-10-10T20:41:48+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/ebc2cbca0b397c58848636b8de35063c"},"description":"Microsoft's internal digital security team answers common questions about securing an enterprise using a Zero Trust security model.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg","width":2300,"height":1294,"caption":"Mark Skorupa, a principal program manager on the digital security team at Microsoft, has been supporting Microsoft\u2019s Zero Trust security model. (Photo submitted by Mark Skorupa)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/microsofts-digital-security-team-answers-your-top-10-questions-on-zero-trust\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft\u2019s digital security team answers your Top 10 questions on Zero Trust"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/ebc2cbca0b397c58848636b8de35063c","name":"Mark Skorupa","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/8f214f2a1dc387e7bf3a2d43613889fb","url":"https:\/\/secure.gravatar.com\/avatar\/602104a2473a27daf7f22a4d7ee748b8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/602104a2473a27daf7f22a4d7ee748b8?s=96&d=mm&r=g","caption":"Mark Skorupa"},"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/marksk\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2020\/12\/10149_wordpress_hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-1yD","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5991"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=5991"}],"version-history":[{"count":23,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5991\/revisions"}],"predecessor-version":[{"id":12328,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/5991\/revisions\/12328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/5994"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=5991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=5991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=5991"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=5991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}