Zero Trust Security Implementation: Security Best Practices from Microsoft
As incidents of cyberattacks and cyber fraud continue to grow in severity, Zero Trust principles offer the most effective approach to preventing breaches. The online world faces an alarming year-on-year increase of 1000% in ransomware attacks, so staying on top of cyber security is more important than ever.
Zero Trust is the principle that nothing within or outside an organisation’s systems should be automatically trusted. Instead, everything must be verified before access is granted, and you should work on the assumption that breaches will happen.
In practical terms, this means preventing access to IP addresses, machines and systems until you’ve identified who a user is and whether they have authorisation. A proactive, integrated Zero Trust approach is the essential security strategy for any CSP partner.
3 key principles of Zero Trust:
- Verify explicitly
- Use least privileged access
- Assume breach
What is Zero Trust best practice?
Today’s organisations need a security model that is fit for the complexity of the cloud-based environment. The Zero Trust approach is the best way to protect the remote and hybrid workplace, covering people, devices, apps, and data.
Microsoft has helped multiple organisations across the world develop Zero Trust strategies in response to the growing sophistication of cyber crime. However, fraudulent online activity is still on the rise – mainly as a result of security best practices not being implemented or followed consistently.
In response, Microsoft is helping educate partners with a range of training and resources on Zero Trust knowledge development, best practice, strategy, architecture, cost management, tools/products and ongoing management.
Build your knowledge with Microsoft’s Zero Trust resources
Use these links to register for the latest training courses:
Overviews and quick reads:
- Learn the Microsoft Zero Trust approach in this Inspire session with Jake Mowrer and Gina Yong: Adopting Zero Trust: Steps you can take to secure your Microsoft business
- Zero Trust introductory blog: Securing the channel: journey to Zero Trust
- Zero Trust principles blog: Journey to Zero Trust: a proactive approach to securing your customers
Deep dive white papers:
- Learn how real-world deployments and attacks are shaping the future of Zero Trust strategies – Evolving Zero Trust.
- Learn and apply strategy with The Comprehensive Playbook for a Zero Trust Security Strategy.
- Learn how to implement a Zero Trust framework – The Zero Trust Business Plan
- Learn how to holistically apply Zero Trust principles to provide multiple layers of defence – Zero Trust Defense Areas e-book
Access Microsoft’s experts at live Q&A sessions: Register here
Evaluate your customers’ Zero Trust maturity level with a range of self-assessment tools
Find extra support in the Partner Centre
Learn how to set up a designated CSP security contact
Access Microsoft’s tools to secure your identities
Enable phish-resistant MFA for your tenants and for your customer tenants.
- Learn how to enable security defaults in Azure AD.
- Assess the security of your Azure AD tenant and learn how to improve its security score.
- Review the best practices for using Azure Active Directory role-based access control, to grant administrators only the permissions they need to do their job.
- Discover the passwordless authentication options for Azure Active Directory.
- Learn how to configure and enforce MFA.
Harness DAP. Delegated administration privileges (DAP) provide the capability to manage a customer’s service or subscription on their behalf.
- To keep on top of security, you can review your DAP report and remove unused connections here.
- Learn more about DAP with this FAQ.
- Introduction to GDAP.
- Follow this GDAP Step by Step Guide.
- Learn how to request GDAP permissions. More granular control better addresses customers’ security concerns.
- Learn how to use the DAP to GDAP bulk migration tool.
Secure your endpoints
Use secured devices to access your tenant – learn how devices should be managed, secured, and monitored for risk.
- Learn how Microsoft Defender for Endpoint rapidly stops attacks, scales security resources, and evolves defences across operating systems and network devices.
- Watch the video overview: Microsoft Defender for Endpoint
Learn how to enforce device compliance using Azure AD Conditional Access.
- Conditional Access – require compliant or hybrid joined devices.
- Configure and manage device identities in Azure AD.
Ongoing monitoring and managing
Enable fraud detection and notifications
- Enrol to receive Azure Fraud email notifications to detect cryptocurrency mining.
- Learn how to put fraud prevention and detection risk mitigation controls in place – managing nonpayment, fraud, or misuse.
- Learn how to prevent unexpected growth in Azure spending due to misconfiguration or malicious activity.
Set up cost management
- Cost Management + Billing – Microsoft Cost Management
- Get started with Cost Management for partners
- Set an Azure spending budget for customers
- Monitor usage and spending with cost alerts in Cost Management
Set up identity protection
Get on top of Zero Trust with Microsoft’s comprehensive training
Microsoft’s training is available for all partners in the CSP program who are responsible for managing their customers’ tenants. It covers the kinds of security vulnerabilities exploited by recent attacks (such as Nobelium) and teaches you the best practices for protecting your customers and their users. The training includes threat awareness, auditing and monitoring, guidance on hardening your environment and specific actions you should be taking.
intY are here to help
Zero Trust principles provide an invaluable framework for a world of increasing and evolving threats. We highly recommend you take full advantage of Microsoft’s excellent training and resources to put you in full control of cyber security and keep ahead of trends.
intY’s team of experts are on hand to answer any questions you might have about implementing Zero Trust frameworks with your customers.