Implementing CISA’s Zero Trust Architecture: A Microsoft Approach - Introduction

Today, I want to start a new series on a topic that has a lot of misconception and have been misused for commercial gain. It's often resumed by "don't trust anything" or "verify everything" but there's more to it.

It's when I read "Zero Trust overview and playbook introduction" by Mark Simos, that I realised how much I didn't know and that it was time to refine my knowledge on this architectural model.

Zero trust is not a product but a complete framework.

Mark Simos, Zero Trust overview and playbook introduction, Packt

During my quest, I discovered multiple vendor agnostic documentations developed by government or independent institutions aiming to educate and help organisations of all sizes improving their security and increasing the attacker cost for an attack. Many resources are publicly available and free of charge. They establish a vision and roadmap to strengthen your environment and enable a different way to tackle security.

For every document I read, I couldn't stop referencing Microsoft and Azure security ecosystem and when I came across Zero trust maturity model from the Cybersecurity and Infrastructure Security Agency (CISA), I thought it was a perfect baseline for this series. The document is brief, simple and provides a table to implement the Zero trust pillars at different stage of maturity.

There are 5 independent pillars and an additional 3 spanning across them as illustrated below:

We will look at each of those pillars, map every functions/capabilities to its Microsoft/Azure product, have a glimpse the equivalent feature.

You may ask why should you adopt Microsoft ecosystem?

• Coverage:

• Integration:

• Development:

• Documentation:

• Community:

• Licencing:

I hope this series will help embarking to the Zero trust journey, and demystify the concept. For those who may want to deep dive in the architecture, I have added all the resources I used during this journey in the references section.

Thanks for reading!

References

• Zero Trust Overview and Playbook Introduction | Packt (packtpub.com)

• Zero Trust Maturity Model | CISA

• What is Zero Trust? | Microsoft Learn

• Zero Trust Commandments | (opengroup.org)

• Zero Trust Architecture | NIST

• Zero Trust Reference Architecture | DoD

• Microsoft Cybersecurity Reference Architectures (MCRA) - Security documentation | Microsoft Learn

• The Chief Information Security Officer (CISO) Workshop - Security documentation | Microsoft Learn

• Maturity Model Paper | Microsoft

About William Francillette:

I am a Microsoft Solutions Architect specialized in Microsoft 365, Entra and Azure security products at Threatscape.

I love learning, blogging and coding. My interests are very diverse and span across architecture, security, cloud engineering, automation, DevOps and PowerShell.

I own over a dozen Microsoft certifications and have worked in IT across multiple and diverse industries for over 15 years.