
Zero Trust Methodology


Introduction to Security in Microsoft 365
1m 12s


In this course, we take an introductory look at the security tools within Microsoft 365.

Learning Objectives

  • Explain what a Zero Trust Policy is and what value it can have.
  • Explain identity and access management concepts.
  • Explain threat and information protection in Microsoft 365.
  • Understand the different tools and portals available to you in Microsoft 365 security offerings.

Intended Audience

  • Users who are new to Microsoft 365.
  • Users looking to learn about the security offerings Microsoft 365 has to offer.


An understanding of general technical concepts.


We start with the Zero Trust policy, as it should be the baseline for security within any organization. Essentially, it can be summed up in five words: Trust No One; Verify Everything. These five words are the cornerstone of the Zero Trust methodology and will help you understand everything that follows in this course. Zero Trust is a methodology you can apply to your organization's security. Treating every user, device, and network as untrusted lets you implement security measures accordingly, which raises the overall level of security.

It is built on three core principles to help guide security: verify explicitly, least privilege access, and assume breach. Verify explicitly means you should always authenticate and authorize based on all available data points. Identity, location, device health, and more should all be checked when sensitive data is accessed. An example would be a user login attempt from an unsecured network. The user may well be who they claim to be; however, the unsecured network makes accessing sensitive data risky, and therefore the request should not be authorized.

Do not assume they're authorized simply because they know a password or have their device. Always verify. Least privilege access is the principle of limiting users' access with just-in-time and just-enough access: giving users only the access they need, for as long as they need it, governed by adaptive, risk-based policies. Users can reach what they need while being restricted from everything else. And finally, assume breach. This principle is exactly what it says: always assume a breach has already occurred.
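To make the three principles concrete, here is an added example of an access decision written in Python. It is not code from the course or from Microsoft 365; the signal names (password_ok, device_compliant, network_trusted, risk_score), the role-to-resource map, and the risk threshold are all assumptions constructed for illustration. It shows that a correct password alone never grants access: the role must permit the resource (least privilege), a high risk score cuts the session off (assume breach), and confidential data additionally requires a compliant device, a trusted network, and a second factor (verify explicitly), which is exactly the unsecured-network case described above.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"   # step-up: not denied, but a stronger factor is needed first
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    """Signals available at sign-in. All field names are assumptions for this example."""
    user: str
    role: str
    resource: str
    sensitivity: str        # "public", "internal" or "confidential"
    password_ok: bool       # primary credential validated
    mfa_completed: bool     # second factor already satisfied in this session
    device_compliant: bool  # device meets the organization's compliance policy
    network_trusted: bool   # request comes from a known, managed network
    risk_score: int         # 0 (no signals) .. 100 (almost certainly compromised)


# Least privilege: a role is mapped only to the resources it needs (constructed sample data).
ROLE_PERMISSIONS = {
    "analyst": {"finance-report", "sales-dashboard"},
    "helpdesk": {"ticket-queue"},
}

RISK_DENY_THRESHOLD = 70  # assumption: at or above this, assume breach and cut the session off


def evaluate(req: AccessRequest) -> Decision:
    """Decide an access request using all three Zero Trust principles."""
    # Verify explicitly (1): without a valid primary credential there is nothing to evaluate.
    if not req.password_ok:
        return Decision.DENY

    # Least privilege: even a fully verified identity only reaches what its role needs.
    if req.resource not in ROLE_PERMISSIONS.get(req.role, set()):
        return Decision.DENY

    # Assume breach: a strong compromise signal overrides an otherwise valid session.
    if req.risk_score >= RISK_DENY_THRESHOLD:
        return Decision.DENY

    # Verify explicitly (2): a password is never enough on its own. Device, network and a
    # second factor are all weighed, and more is required for more sensitive data.
    if req.sensitivity == "confidential":
        # The unsecured-network case from the text: the user may be genuine,
        # but the context is too risky for confidential data.
        if not req.device_compliant or not req.network_trusted:
            return Decision.DENY
        return Decision.ALLOW if req.mfa_completed else Decision.REQUIRE_MFA

    if req.sensitivity == "internal":
        # Internal data: MFA is still required, but an unmanaged network alone is not fatal.
        return Decision.ALLOW if req.mfa_completed else Decision.REQUIRE_MFA

    # Public data: a verified identity with the right role is sufficient.
    return Decision.ALLOW


def _demo():
    base = dict(user="alice", role="analyst", resource="finance-report",
                sensitivity="confidential", password_ok=True, mfa_completed=True,
                device_compliant=True, network_trusted=True, risk_score=5)
    cases = {
        "all signals good": AccessRequest(**base),
        "unsecured network": AccessRequest(**{**base, "network_trusted": False}),
        "no MFA yet": AccessRequest(**{**base, "mfa_completed": False}),
        "wrong role": AccessRequest(**{**base, "role": "helpdesk"}),
        "high risk score": AccessRequest(**{**base, "risk_score": 90}),
    }
    for name, req in cases.items():
        print(f"{name:18} -> {evaluate(req).value}")


if __name__ == "__main__":
    _demo()
```

The order of the checks matters: the cheapest and most decisive signals (credential, role, risk) are evaluated before the contextual ones, and a step-up to MFA is only offered once everything else has passed, so a compromised session is never given the chance to complete a second factor.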

Implementing data encryption, segmenting access by user or network, and utilizing analytics and threat detection tools are all examples of measures that should be in place at all times. These three principles are the foundation of the Zero Trust methodology, and built upon them are six pillars that make up the entire security structure. These pillars are identities, devices, applications, data, infrastructure, and networks. We'll start with identities. These are things like users or devices.

When an identity attempts to access a resource, it should follow the least privilege access principle of Zero Trust. Strong authentication methods like multi-factor authentication add a secure way of protecting identities. The devices pillar focuses on the vulnerabilities of devices accessing sensitive data. By monitoring each device's compliance with regulations and policies, you can ensure devices are kept safe and respond quickly to security threats. The applications pillar focuses on how data is accessed and viewed. This is where permissions management and something called shadow IT come into play, which we'll cover later in the course. The data pillar covers how data should be protected through classification and encryption.

Protecting data through encryption ensures it is kept safe whether at rest or in transit. The infrastructure pillar represents a potential threat area. Protecting infrastructure with anomaly detection tools, along with just-in-time and just-enough access, guards against potential risks and lets you automatically block risky activity. And finally, the network pillar. This focuses on monitoring and end-to-end encryption of communication and data in transit. By monitoring and utilizing security analytics, you can make sure you're protected from external threats. Each of these pillars provides another level of protection against potential security threats.

Alongside the principles and the pillars, there's another model called defense-in-depth: a strategy that provides a layered approach to security. By creating different layers of security, you ensure that if one layer is breached, a later layer still prevents unauthorized access. Some of these layers are similar to the pillars; examples include identity and access security, physical security, perimeter security, network security, compute security, application security, and data security. Each of these layers protects the organization from threats, and even if one is compromised, multiple layers of protection remain to ensure sensitive data and information stay protected.

The final piece of this information security puzzle happens to be a triangle, known as the CIA Triad. This is a widely accepted model for protecting information from unauthorized access. CIA stands for Confidentiality, Integrity, and Availability, and each is one side of the triangle. Confidentiality refers to keeping sensitive information and data private, accessible only to those authorized to see it. This includes things like multi-factor authentication, to ensure the user accessing the data is who they claim to be, and data encryption with tools like BitLocker. Integrity refers to ensuring information is correct: if you send a message or an email, the message received is the same message you sent. Integrity is knowing that the data has not been altered in any way.

Tools such as sensitivity labels and access permissions support this by controlling who is able to modify data and how it is handled once sent. And finally, availability. This means the data is available to those who need it. Keeping data secure and encrypted is important; however, making sure the employees who need that data can access it and work with it is just as important. Granting employees or users the permissions to access or decrypt the data relevant to their needs is an example of the availability side of the triangle. Each side of the Triad works with the others to create a protective barrier around the organization's data. All of these tools, models, and policies come together as a foundation for ensuring security across any organization. With that in mind, let's move into Identity and Access Management.
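The integrity side of the Triad is worth seeing in working code, because "the message received is the same message you sent" can be checked in two very different ways. The following is an added example, not part of the course and not a Microsoft 365 feature; the shared key, the message contents, and the helper names are constructed for illustration. A sender attaches a plain SHA-256 digest or an HMAC-SHA256 tag; an attacker alters the amount in transit. The plain digest is useless against a deliberate attacker, who simply recomputes it, whereas the keyed tag cannot be recomputed without the key, so the receiver detects the change. Note that neither protects confidentiality: the message is still readable, which is what encryption (the other side of the triangle) is for.

```python
import hashlib
import hmac

# Constructed demo key; in practice it comes from a key store and is never hard-coded.
SHARED_KEY = b"demo-key-shared-by-sender-and-receiver"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: detects accidental corruption, nothing more."""
    return hashlib.sha256(message).digest()


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: proves the message is unaltered and came from a key holder."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so a forger learns nothing from response timing."""
    return hmac.compare_digest(sign(key, message), tag)


def tamper_in_transit(message: bytes) -> bytes:
    """Simulated attacker modifying the message between sender and receiver."""
    return message.replace(b"amount=100;", b"amount=9000;")


def receiver_accepts_unkeyed(received_message: bytes, received_digest: bytes) -> bool:
    """Receiver that only checks a plain hash shipped alongside the message."""
    return plain_digest(received_message) == received_digest


def unkeyed_check_survives_tampering(message: bytes) -> bool:
    """Sender ships (message, digest); attacker replaces both. Returns True if the
    receiver still accepts, i.e. the plain hash failed to protect integrity."""
    tampered = tamper_in_transit(message)
    forged_digest = plain_digest(tampered)   # no secret needed to recompute this
    return receiver_accepts_unkeyed(tampered, forged_digest)


def keyed_check_survives_tampering(message: bytes, key: bytes) -> bool:
    """Sender ships (message, HMAC tag); attacker alters the message but cannot
    produce a matching tag without the key. Returns True only if the receiver
    wrongly accepts the altered message."""
    tag = sign(key, message)
    tampered = tamper_in_transit(message)
    return verify(key, tampered, tag)


if __name__ == "__main__":
    msg = b"to=payroll; amount=100; memo=constructed example"
    tag = sign(SHARED_KEY, msg)
    print("genuine message verifies:      ", verify(SHARED_KEY, msg, tag))
    print("plain hash survives tampering: ", unkeyed_check_survives_tampering(msg))
    print("HMAC survives tampering:       ", keyed_check_survives_tampering(msg, SHARED_KEY))
    print("tag from another key verifies: ", verify(SHARED_KEY, msg, sign(b"other-key", msg)))
```

The same pattern underlies signed email, signed documents, and the signature on a software update: a checksum alone tells you the download was not corrupted, while a keyed or signed digest tells you nobody changed it on purpose.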


About the Author

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once COVID hit, he moved into a customer training role with the goal of getting as many people as possible prepared for remote work using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.