(83) Zero Trust Assessments

Lately I have been busy doing Zero Trust Assessments as part of my transition into my new role with Cyber Security. There are two types of Zero Trust Assessments, one of them is the Microsoft 365 Zero Trust Assessments and the other is Azure Zero Trust Assessments.

What are Zero Trust Assessments?

There are assessment strategies of the entire assets, extending across the following pillars: Identities, Endpoints, Data, Applications, Infrastructure and Network.

By running the following link, it will identity where the organisation is stting at currently and what can be implemented by applying those changes that is needed.

What is Conditonal Access for Zero Trust?

By design and framework for implementing Zero Trust principles by using Conditonal Access to control access to cloud services. The framework below represents a structured approach to control access to cloud services.

The following articles would be recommended to read up if interested.

• Conditional Access design principles and dependencies provides recommended principles that, together with your company's requirements, serve as input to the suggested persona-based architecture.

• Conditional Access architecture and personas introduces the persona-based approach for structuring Conditional Access policies. It also provides suggested personas that you can use as a starting point.

• Conditional Access framework and policies provides specific details on how to structure and name Conditional Access policies that are based on the personas.

Zero Trust Recommendations Roadmap

Depending on how the environment is scoped out, the roadmap todo's for 30 days to 90 days and beyond is shown as an example of might need to happen.