Instead of believing everything inside the corporate firewall is safe, the Zero Trust model assumes breach and a ‘never trust, always verify’ access approach. All users and devices inside and outside the enterprise perimeter are verified in real time. Every access request is authenticated and authorized based on a multitude of available data points, including user identity, location, device information, data classification and anomalies.
Identity is one of the six foundational pillars of a Zero Trust framework, along with devices, applications, data, infrastructure and network. Each of these pillars is a source of signal, a control plane for enforcement and a critical resource to be defended. Microsoft recommends four steps for implementing strong identity for a Zero Trust security model:
Multi-factor authentication (MFA)
Secure access to SaaS and on-premises apps
In this blog post we will review Multi-factor authentication (MFA), the foundation of strong identity. Password-only authentication mechanisms are no longer sufficient to protect user accounts, because employees and external collaborators connect to enterprise resources from inside and outside the corporate network using a variety of devices, including unmanaged employee-owned smartphones and tablets. MFA adds an additional layer of defense by requiring users to provide two or more forms of authentication to access an account. The forms of authentication can include something the user knows (such as a password), something they have (such as a phone or other trusted device) or something that makes up who they are (such as a fingerprint or other biometric).
The second-factor authentication methods supported in Azure AD MFA include the following:
Microsoft Authenticator App
Windows Hello for Business
FIDO2 security keys
Automated voice calls
“Condition-based access and controls such as MFA are important to prevent unauthorized access to corporate applications, services and data. MFA spamming has become more prevalent with increasing adoption of strong authentication. Azure AD offers a broad range of flexible authentication methods to meet the unique needs of your organization and helps keep your users protected. Build up your organization’s strong identity by enabling stronger MFA features in Microsoft Authenticator. You can choose to approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes, or replace passwords and boost the security of your accounts from your mobile device.” – Balazs Maar, Microsoft Solutions Sales Manager.
All Microsoft customers can enable MFA for free with the Microsoft Authenticator app, and MFA is now enabled by default for all new Azure AD tenants for Microsoft 365, Office 365, Dynamics and Azure. Reach out to us for advice on improving your security posture with seamless MFA enablement.
According to the Zero Trust framework, when an identity attempts to access a resource, organizations need a system that can verify the identity with strong authentication, ensure the access is compliant and typical for that identity, and apply the principle of least-privileged access. Identity protection is one of the four recommended steps that help implement a strong identity; as our expert says, “it is fundamental to ensure that everyone is only and exclusively authorized to do the job they are supposed to do.”
Identity is one of the six foundational pillars of a Zero Trust framework, along with devices, applications, data, infrastructure and network. Identities – whether they represent people, services or Internet of Things (IoT) devices – define the Zero Trust control plane. Out of the four recommended steps (multi-factor authentication, policy-based access, identity protection and secure access to SaaS and on-premises apps) that help implement strong identity, policy-based access is a must because “With policy-based access we have near real time protection alongside an optimized for productivity user experience that omits all unnecessary or excessive security prompts and checks. That way, we all can focus on our work, knowing that we are protected” – Vitan Kostov, Noventiq’s Solution Sales Manager.
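As an added illustration (not code from the original post, and not how Azure AD's own policy engine is implemented), the Python sketch below shows how a policy-based access decision combines the signals the Zero Trust model evaluates, namely MFA state, device compliance, location, data classification and anomalies, to allow silently, step up to MFA, or block. The request fields, the risk rules and the sample requests are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class AccessRequest:
    """Signals available to the policy engine for one access attempt (constructed)."""
    user: str
    mfa_satisfied: bool        # strong authentication already presented in this session
    device_compliant: bool     # managed device passing the compliance check
    location_trusted: bool     # sign-in from a known corporate location
    data_classification: str   # "public", "internal" or "confidential"
    anomalies: list = field(default_factory=list)  # e.g. "impossible_travel", "unfamiliar_ip"

# Higher number = more sensitive resource (assumed classification scale).
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}

def evaluate(req: AccessRequest) -> str:
    """Return "allow", "require_mfa" or "block" for a single request."""
    # Confidential data never flows to a device that fails compliance, MFA or not.
    if req.data_classification == "confidential" and not req.device_compliant:
        return "block"
    # An anomaly on an unmanaged device from an untrusted location is too risky to step up.
    if req.anomalies and not req.device_compliant and not req.location_trusted:
        return "block"
    # Step up to MFA only when some risk signal is present and MFA was not already satisfied.
    risky = (bool(req.anomalies)
             or not req.location_trusted
             or SENSITIVITY[req.data_classification] >= 2)
    if risky and not req.mfa_satisfied:
        return "require_mfa"
    # Compliant, typical, low-risk request: no extra prompt, as the policy-based model intends.
    return "allow"

# Constructed sample requests covering each decision path.
SAMPLE_REQUESTS = [
    AccessRequest("alice", False, True, True, "internal"),
    AccessRequest("bob", False, True, False, "internal"),
    AccessRequest("carol", True, True, False, "confidential"),
    AccessRequest("dave", True, False, True, "confidential"),
    AccessRequest("eve", True, False, False, "internal", ["impossible_travel"]),
    AccessRequest("frank", False, True, True, "internal", ["unfamiliar_ip"]),
]

def decide_all(requests=SAMPLE_REQUESTS) -> dict:
    """Map each user to the policy decision for their request."""
    return {r.user: evaluate(r) for r in requests}

if __name__ == "__main__":
    for user, decision in decide_all().items():
        print(f"{user}: {decision}")
```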
The Zero Trust framework helps businesses modernize their security technologies and processes effectively, maximizing protection against the current threat landscape. In the following summary, we focus on the first two pillars of the Zero Trust framework, identities and endpoints—and provide hands-on guidance on how to keep them secure.
In the era of digital transformation and the rise of hybrid work models, cybersecurity's significance has surged. With cybercriminals evolving and exploiting every vulnerability, organizations must prioritize security. According to Microsoft, 98% of cyberattacks can be prevented by an adequately defended system. Read the summary of a Microsoft article which explores six core domains demanding attention: email, identity, endpoint, Internet of Things (IoT), cloud, external.