{"id":9344,"date":"2025-04-24T11:30:00","date_gmt":"2025-04-24T18:30:00","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=9344"},"modified":"2025-12-09T09:09:51","modified_gmt":"2025-12-09T17:09:51","slug":"implementing-a-zero-trust-security-model-at-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/","title":{"rendered":"Implementing a Zero Trust security model at Microsoft"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">At Microsoft, our shift to a Zero Trust security model\u2014which began more than seven years ago\u2014has helped us navigate many challenges.<\/p>\n\n\n\n<aside class=\"wp-block-group aside-for-guide has-white-200-background-color has-background has-global-padding is-content-justification-right is-layout-constrained wp-container-core-group-is-layout-3f1abf08 wp-block-group-is-layout-constrained\" style=\"border-radius:10px;padding-top:var(--wp--preset--spacing--spacing-12);padding-right:var(--wp--preset--spacing--spacing-12);padding-bottom:var(--wp--preset--spacing--spacing-12);padding-left:var(--wp--preset--spacing--spacing-12)\">\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-298f84b7 wp-block-group-is-layout-flex\" style=\"margin-top:0;margin-bottom:0;padding-top:0;padding-bottom:0\">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"132\" height=\"132\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/10\/Engage-with-our-experts_blogs.png\" alt=\"\" class=\"wp-image-20636\" style=\"width:48px\"\/><\/figure>\n\n\n\n<p class=\"has-body-lg-font-size wp-block-paragraph\"><strong>Engage with our experts!<\/strong><\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-4)\">Customers or Microsoft account team representatives from Fortune 500 companies are welcome to <a href=\"mailto:msitstaff@microsoft.com\">request a virtual engagement<\/a> on this topic with experts from our Microsoft Digital team.<\/p>\n<\/aside>\n\n\n\n<p class=\"wp-block-paragraph\">The increasing prevalence of cloud-based services, mobile computing, internet of things (IoT), and bring your own device (BYOD) in the workforce have changed the technology landscape for the modern enterprise. Security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to corporate technology resources and services are no longer sufficient for a workforce that regularly requires access to applications and resources that exist beyond traditional corporate network boundaries.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The shift to the internet as the network of choice and the continuously evolving threats led us to adopt a Zero Trust security model internally here at Microsoft. Though our journey began many years ago, we expect that it will continue to evolve for years to come.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/ZVLlEj2So4E?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span>\n<\/div><figcaption class=\"wp-element-caption\">For a transcript, please <a href=\"https:\/\/www.youtube.com\/watch?v=ZVLlEj2So4E\" target=\"_blank\" rel=\"noreferrer noopener\">view the video on YouTube<\/a> and select \u201cShow transcript\u201d at the bottom of the description pane.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Carmichael Patton, a principal security architect at Microsoft, shares about the work that his team in the Chief Information Security Office (CISO) organization has been doing to support a Zero Trust security model.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Zero Trust model<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Based on the principle of verified trust\u2014in order to trust, you must first verify\u2014Zero Trust eliminates the inherent trust that is assumed inside the traditional corporate network. Zero Trust architecture reduces risk across all environments by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Zero Trust requires that every transaction between systems (user identity, device, network, and applications) be validated and proven trustworthy before the transaction can occur. In an ideal Zero Trust environment, the following behaviors are required:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Identities are validated and secure with phishing-resistant authentication (MFA) everywhere.<\/strong>&nbsp;Using phishing-resistant authentication eliminates password expirations and eventually will eliminate passwords. The added use of biometrics ensures strong authentication for user-backed identities.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Devices are managed and validated as healthy.<\/strong>&nbsp;Device health validation is required. All device types and operating systems must meet a required minimum health state as a condition of access to any Microsoft resource.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Telemetry is pervasive.<\/strong>&nbsp;Pervasive data and telemetry are used to understand the current security state, identify gaps in coverage, validate the impact of new controls, and correlate data across all applications and services in the environment. Robust and standardized auditing, monitoring, and telemetry capabilities are core requirements across users, devices, applications, services, and access patterns.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Least privilege access is enforced.<\/strong>&nbsp;Limit access to only the applications, services, and infrastructure required to perform the job function. Access solutions that provide broad access to networks without segmentation or are scoped to specific resources, such as broad access VPN, must be eliminated.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Zero Trust scenarios<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We have identified four core scenarios at Microsoft to help achieve Zero Trust. These scenarios satisfy the requirements for strong identity, enrollment in device management and device-health validation, alternative access for unmanaged devices, and validation of application health. The core scenarios are described here:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Scenario 1:<\/strong>&nbsp;Applications and services have the mechanisms to validate multifactor authentication and device health.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Scenario 2:<\/strong>&nbsp;Employees can enroll devices into a modern management system which guarantees the health of the device to control access to company resources.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Scenario 3:<\/strong>&nbsp;Employees and business guests have a method to access corporate resources when not using a managed device.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Scenario 4:&nbsp;<\/strong>Access to resources is limited to the minimum required\u2014least privilege access\u2014to perform a specified function.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Zero Trust scope and phases<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019re taking a structured approach toward Zero Trust, an effort that spans many technologies and organizations and requires investments that will carry over multiple years. The graphic below represents a high-level view of the Zero Trust goals\u2014grouped into our core Zero Trust pillars\u2014that we continually work toward.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While these goals don\u2019t represent the full scope of the Zero Trust efforts and work streams, they capture the most significant areas of Zero Trust effort at Microsoft.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Pillars of the Microsoft Zero Trust model<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"508\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1-1024x508.png\" alt=\"Graphic showing the four main pillars of our Zero Trust security model: Verify identity, Verify device, Verify Access, and Verify Services.\" class=\"wp-image-18942\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1-1024x508.png 1024w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1-300x149.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1-768x381.png 768w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1-1536x762.png 1536w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_1.png 1698w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The major goals for each Zero Trust pillar that we work toward at Microsoft.<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Scope<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Our initial scope for implementing Zero Trust focused on common corporate services used across our enterprise\u2014our employees, partners, and vendors. Our Zero Trust implementation targeted the core set of applications that Microsoft employees use daily (e.g., Microsoft 365 apps, line-of-business apps) on platforms like iOS, Android, MacOS, Linux, and Windows. As we have progressed, our focus has expanded to include all applications used across Microsoft. Any corporate-owned or personal device that accesses company resources must be managed through our device management systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Verify identity<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To begin enhancing security for the environment, we implemented MFA using smart cards to control administrative access to servers. We later expanded the multifactor authentication requirement to include all users accessing resources from outside the corporate network. The massive increase in mobile devices connecting to corporate resources pushed us to evolve our multifactor authentication system from physical smart cards to a phone-based challenge (phone-factor) and later into a more modern experience using the Microsoft Azure Authenticator application.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The next step in this area is <a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/\">the widespread deployment of Windows Hello for Business for biometric authentication<\/a>. While Windows Hello hasn\u2019t completely eliminated passwords in our environment, it has significantly reduced password usage and enabled us to remove our password-expiration policy. Additionally, multifactor authentication validation is required for all accounts, including guest accounts, when accessing Microsoft resources.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Our most recent efforts involve rolling out phishing-resistant authentication credentials through Passkey options in the Microsoft Authenticator app, with YUBIKeys as an option for limited-scale use cases. Additionally, all new employee onboarding is now run through a process for Passkey configuration, without the use of a password from day one.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Verify device<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Our first step toward device verification was enrolling devices into a device-management system. We have since completed the rollout of device management for Windows, Mac, Linux, iOS, and Android. Many of our high-traffic applications and services, such as Microsoft 365 and VPN, enforce device health for user access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Additionally, we\u2019ve started using device management to enable proper device health validation, a foundational component that allows us to set and enforce health policies for devices accessing Microsoft resources. We\u2019re using Windows Autopilot for device provisioning, which ensures that all new Windows devices delivered to employees are already enrolled in our modern device management system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Devices accessing the corporate network must also be enrolled in the device-management system. This includes both Microsoft-owned devices and personal BYOD devices. If employees want to use their personal devices to access Microsoft resources, the devices must be enrolled and adhere to the same device-health policies that govern corporate-owned devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For devices where enrollment in device management isn\u2019t an option, we\u2019ve created a secure access model called Microsoft Azure Virtual Desktop. Virtual Desktop creates a session with a virtual machine that meets the device-management requirements. This allows individuals using unmanaged devices to securely access select Microsoft resources.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There is still work remaining within the verify device pillar. We\u2019re in the process of maturing device management for Linux devices and expanding the number of applications enforcing device management to eventually include all applications and services. We\u2019re expanding the number of resources available when connecting through the Virtual Desktop service. We\u2019re also expanding to other devices, such as the Meta Quest headsets, conference room devices, and kiosks. Finally, we\u2019re making device-health policies more robust and enabling validation across all applications and services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Verify access<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In the verify access pillar, we focused on segmenting users and devices across purpose-built networks, migrating all Microsoft employees to use the internet as the default network, and automatically routing users and devices to appropriate network segments. We successfully deployed several network segments, both for users and devices, including internet-default wired and wireless networks across all Microsoft buildings. All users received policy updates to their systems, thus making this internet-based network their new default.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As part of this network rollout, we deployed a device-registration portal. This portal allows users to self-identify, register, or modify devices to ensure that the devices connect to the appropriate network segment. Through this portal, users can register guest devices, user devices, and IoT devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We also created specialized segments, including purpose-built segments for the various IoT devices and scenarios used throughout the organization. We completed the migration of our highest-priority IoT devices in Microsoft offices into the appropriate segments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Verify services<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In the verify services pillar, our efforts center on enabling conditional access across all applications and services. To achieve full conditional access validation, a key effort requires modernizing legacy applications or implementing solutions for applications and services that can\u2019t natively support conditional access systems. This has the added benefit of reducing the dependency on VPN and the corporate network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft has adopted a hybrid workplace and a large percentage of our employees have transitioned to work from home. This shift has meant greatly increased use of remote network connectivity. Gradually, we have been able to successfully engage application owners in our plans to make applications and services accessible over the internet without VPN, and we\u2019ve been able to transition 98% of our workloads to internet-facing services.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For those services that remain on-premises or are behind Azure Private Endpoints, we have enabled Azure VPN, which we\u2019ve migrated from \u201calways on\u201d to manual access when a VPN is required. Our goal is to further reduce dependency on VPNs in order to restrict access to only required services, rather than the broader access that VPNs provide. We also further reduced the risk of lateral movement by implementing the Entra Secure Service Edge solution. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Implementing Entra SSE allows us to provide secure tunnel access through Private Access and Internet Access for Microsoft Services. For Microsoft-specific SaaS solutions like Microsoft 365 and Microsoft Dynamics, the Internet Access for Microsoft Services gives us important functionality, including token protection and the ability to prevent man-in-the-middle (MitM) attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We are also working on onboarding our on-premises and Private Endpoints through Private Access. In addition to helping deal with MitM attacks and token protection, this allows for direct service connections from the client to the service, without allowing broader access to other services that an employee should not have direct access to.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Zero Trust architecture with Microsoft services<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The graphic below provides a simplified reference architecture for our approach to implementing Zero Trust. The primary components of this process are Intune for device management and device security policy configuration, Microsoft Entra Conditional Access for device health validation, and Microsoft Entra ID for user and device inventory.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The system works with Intune, by pushing device configuration requirements to the managed devices. The device then generates a statement of health, which is stored in Microsoft Entra ID. When the device user requests access to a resource, the device health state is verified as part of the authentication exchange with Microsoft Entra ID.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Microsoft Security Zero Trust access model<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"407\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_2_larger-1024x407.png\" alt=\"Zero Trust access diagram: Intune enrollment (mobile devices, employees and guest users and desktop) and Internet access for Microsoft Services (Microsoft 365 Dynamics, Microsoft Cloud SaaS apps and On-premises\/legacy). \" class=\"wp-image-18943\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_2_larger-1024x407.png 1024w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_2_larger-300x119.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_2_larger-768x306.png 768w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_graphic_2_larger.png 1043w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Microsoft\u2019s internal Zero Trust architecture.<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">A transition that\u2019s paying off<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In our transition to a Zero Trust model, we continue to make consistent progress. Over the last several years, we\u2019ve increased identity-authentication strength with expanded coverage of strong authentication, a transition to biometrics-based authentication <a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/\">by using Windows Hello for Business<\/a>, and phishing-resistant credentials for all supported platforms. We\u2019ve deployed device management and device-health validation capabilities across all major platforms. We\u2019ve also launched a Windows Virtual Desktop system that provides secure access to company resources from unmanaged devices and is Zero Trust compliant by design.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As we continue our progress, we\u2019re making ongoing investments in Zero Trust. We\u2019re expanding health-validation capabilities across devices and applications, increasing the Virtual Desktop features to cover more use cases, and implementing better controls on our network. After reducing (and eliminating when possible) our dependencies on VPN, our next chapter is to migrate to a more modern secure tunnel per application.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Each enterprise that adopts Zero Trust will need to determine what approach best suits their unique environment. This includes balancing risk profiles with access methods, defining the scope for the implementation of Zero Trust in their environments, and determining what specific verifications they want to require for users to gain access to their company resources. In all of this, encouraging the organization-wide embrace of Zero Trust is critical to success, no matter where you decide to begin your transition.<\/p>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge.png\" alt=\"\" class=\"wp-image-19493\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Key-takeaways-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Key takeaways<\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Here are some tips for moving to a Zero Trust security model at your company:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Collect telemetry and evaluate risks,<\/strong> then set goals.\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Get to modern identity and MFA<\/strong>\u2014then onboard to Microsoft Entra ID.\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\">For conditional access enforcement, <strong>focus on your most-used applications<\/strong> to ensure maximum&nbsp;coverage.\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Start with simple policies for device health enforcement, <\/strong>such as device lock or&nbsp;password complexity.&nbsp;\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Run pilots and ringed rollouts.<\/strong> Slow and steady wins the race.&nbsp;\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Migrate your users to the internet<\/strong> and monitor VPN traffic to understand internal&nbsp;dependencies.\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Focus on the user experience,<\/strong> which is critical to employee productivity and morale.&nbsp;Without adoption, your program won\u2019t be successful.\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Communication is key<\/strong>\u2014bring your employees on the journey with you!&nbsp;\u200b<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Assign performance indicators and goals<\/strong> for all workstreams and elements, including employee sentiment.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge.png\" alt=\"\" class=\"wp-image-19492\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Try-it-out-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Try it out<\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust?OCID=InsideTrack_Product_10736\" target=\"_blank\" rel=\"noreferrer noopener\">Learn how your organization can protect and modernize with a shift to a Zero Trust strategy.<\/a><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge.png\" alt=\"\" class=\"wp-image-19491\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Related-links-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">Related links<\/p>\n<\/div>\n\n\n\n<ul style=\"margin-top:var(--wp--preset--spacing--spacing-20)\" class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/zero-trust\/zero-trust-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about the concept of Zero Trust.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/improving-security-by-protecting-elevated-privilege-accounts-at-microsoft\/\">Explore improving security by protecting elevated-privilege accounts at Microsoft.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/keeping-our-in-house-optical-network-safe-with-a-zero-trust-mentality\/\">Find out how we keep our in-house optical network safe with a Zero Trust mentality.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-strong-user-authentication-with-windows-hello-for-business\/\">See how we\u2019re implementing strong user authentication with Windows Hello for Business internally at Microsoft.<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/topic\/zero-trust\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read our Microsoft Security Zero Trust blogs<\/a>.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c0392459 wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-7db9d80f wp-block-group-is-layout-constrained\" style=\"padding-right:0;padding-left:0\">\n<figure class=\"wp-block-image alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"190\" height=\"190\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge.png\" alt=\"\" class=\"wp-image-19490\" style=\"object-fit:cover;width:75px;height:75px\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge.png 190w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/07\/Wed-like-to-hear-from-you-badge-150x150.png 150w\" sizes=\"auto, (max-width: 190px) 100vw, 190px\" \/><\/figure>\n\n\n\n<p class=\"has-body-xl-font-size wp-block-paragraph\" style=\"margin-top:var(--wp--preset--spacing--spacing-24);margin-bottom:0;padding-top:var(--wp--preset--spacing--spacing-24)\">We&#8217;d like to hear from you!<\/p>\n<\/div>\n\n\n\n<ul style=\"margin-top:var(--wp--preset--spacing--spacing-20)\" class=\"wp-block-list is-style-list-no-bullets\">\n<li class=\"wp-block-list-item\"><a href=\"mailto:msitstaff@microsoft.com\">Want more information? Email us and include a link to this story and we\u2019ll get back to you.<\/a><\/li>\n<\/ul>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Microsoft, our shift to a Zero Trust security model\u2014which began more than seven years ago\u2014has helped us navigate many challenges. Engage with our experts! Customers or Microsoft account team representatives from Fortune 500 companies are welcome to request a virtual engagement on this topic with experts from our Microsoft Digital team. The increasing prevalence [&hellip;]<\/p>\n","protected":false},"author":209,"featured_media":18940,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[882,35],"tags":[137,850,115,849,689,848,419],"coauthors":[841],"class_list":["post-9344","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-strategy","category-post-format-video","tag-change-management","tag-end-user-services-and-support","tag-microsoft-azure","tag-network-and-infrastructure","tag-network-security","tag-security-and-risk-management","tag-zero-trust","program-microsoft-digital-technical-stories","m-blog-post"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Implementing a Zero Trust security model at Microsoft - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Implementing a Zero Trust security model at Microsoft - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-24T18:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-09T17:09:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2300\" \/>\n\t<meta property=\"og:image:height\" content=\"1293\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Hirning\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Hirning\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/\"},\"author\":{\"name\":\"David Hirning\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\"},\"headline\":\"Implementing a Zero Trust security model at Microsoft\",\"datePublished\":\"2025-04-24T18:30:00+00:00\",\"dateModified\":\"2025-12-09T17:09:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/\"},\"wordCount\":2367,\"image\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2025\\\/04\\\/10736_hero_image.jpg\",\"keywords\":[\"change management\",\"End user services and support\",\"Microsoft Azure\",\"Network and infrastructure\",\"Network Security\",\"Security and risk management\",\"Zero Trust\"],\"articleSection\":[\"IT strategy\",\"Video\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/\",\"name\":\"Implementing a Zero Trust security model at Microsoft - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2025\\\/04\\\/10736_hero_image.jpg\",\"datePublished\":\"2025-04-24T18:30:00+00:00\",\"dateModified\":\"2025-12-09T17:09:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\"},\"description\":\"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2025\\\/04\\\/10736_hero_image.jpg\",\"contentUrl\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2025\\\/04\\\/10736_hero_image.jpg\",\"width\":2300,\"height\":1293,\"caption\":\"Our Zero Trust security model enables us to provide a healthy and protected environment internally at Microsoft.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/implementing-a-zero-trust-security-model-at-microsoft\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Implementing a Zero Trust security model at Microsoft\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/e760383087e27b1a34dab6888c00fe20\",\"name\":\"David Hirning\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=gc7c1a3ec3eb99a661ac29f1f96fa7024\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g\",\"caption\":\"David Hirning\"},\"url\":\"https:\\\/\\\/www.microsoft.com\\\/insidetrack\\\/blog\\\/author\\\/dhirning\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Implementing a Zero Trust security model at Microsoft - Inside Track Blog","description":"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/","og_locale":"en_US","og_type":"article","og_title":"Implementing a Zero Trust security model at Microsoft - Inside Track Blog","og_description":"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/","og_site_name":"Inside Track Blog","article_published_time":"2025-04-24T18:30:00+00:00","article_modified_time":"2025-12-09T17:09:51+00:00","og_image":[{"width":2300,"height":1293,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","type":"image\/jpeg"}],"author":"David Hirning","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Hirning","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/"},"author":{"name":"David Hirning","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20"},"headline":"Implementing a Zero Trust security model at Microsoft","datePublished":"2025-04-24T18:30:00+00:00","dateModified":"2025-12-09T17:09:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/"},"wordCount":2367,"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","keywords":["change management","End user services and support","Microsoft Azure","Network and infrastructure","Network Security","Security and risk management","Zero Trust"],"articleSection":["IT strategy","Video"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/","name":"Implementing a Zero Trust security model at Microsoft - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","datePublished":"2025-04-24T18:30:00+00:00","dateModified":"2025-12-09T17:09:51+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20"},"description":"Learn about the challenges and milestones in our journey toward a Zero Trust security model at Microsoft.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","width":2300,"height":1293,"caption":"Our Zero Trust security model enables us to provide a healthy and protected environment internally at Microsoft."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/implementing-a-zero-trust-security-model-at-microsoft\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Implementing a Zero Trust security model at Microsoft"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/e760383087e27b1a34dab6888c00fe20","name":"David Hirning","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=gc7c1a3ec3eb99a661ac29f1f96fa7024","url":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a9c9517e077d0a2cab05c61c242f45fe43c4347fe57ab87cb88ce6ec843c3854?s=96&d=mm&r=g","caption":"David Hirning"},"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/dhirning\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2025\/04\/10736_hero_image.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2qI","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/9344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=9344"}],"version-history":[{"count":23,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/9344\/revisions"}],"predecessor-version":[{"id":21386,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/9344\/revisions\/21386"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/18940"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=9344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=9344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=9344"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=9344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}