Today, organizations need a new security model that effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located.
To address this new world of computing, Microsoft highly recommends the Zero Trust security model, which is based on these guiding principles:
- Verify explicitly – Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
- Use least privilege access – Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
- Assume breach – Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
For more information about Zero Trust, see Microsoft’s Zero Trust Guidance Center.
A Zero Trust approach extends throughout the entire digital estate and serves as an integrated security philosophy and end-to-end strategy.
The following illustration shows the primary elements that contribute to Zero Trust.

Many of these capabilities can also be extended to protect access to other SaaS apps your organization uses and the data within those apps. See Deploying Zero Trust for Microsoft 365 to learn more.
For best practices that are key to keeping your apps secure, see:
- Microsoft’s Building apps with a Zero Trust approach to identity
- Build Zero Trust-ready apps using Microsoft identity platform features and tools
To learn more about creating an access model based on Conditional Access that is aligned with the guiding principles of Zero Trust, see Conditional Access for Zero Trust.