
Zero Trust in action

Mario Gama, Practice Leader

In this blog series, we’re aiming to break down what Zero Trust means and help business leaders better understand what this security model entails and how to make best use of it. In this blog, we will bring the model to life by walking you through a typical day of an employee who works in a high-performance workplace with a Zero Trust security model in a Microsoft environment.

Meet Stephanie. She works in the marketing team for a global online travel company - AmazingTrips. The organisation offers a hybrid work environment, giving employees the flexibility to work from their offices, home, or even some of their travel destinations. Today Stephanie is heading into the London office for a meeting.

Example of how Zero Trust architecture enables Stephanie to work flexibly and securely

9am - user logs in

Stephanie begins her day by signing into her laptop. She inputs her username and password. Unbeknownst to her, her device is connecting to Microsoft Entra ID (previously Azure AD), which checks that she is a recognised employee at AmazingTrips. She is asked to authenticate who she is by clicking a button on her Microsoft Authenticator App on her phone. This Multi-Factor Authentication (MFA) is required to ensure that no-one has accessed Stephanie’s laptop without her knowledge. From the security team’s perspective, it means the user's identity is strongly verified.

Device compliance check

Before granting Stephanie access, the system checks the device's compliance status through Microsoft Intune (Endpoint Manager). The device must meet the organisation's security policies, ensuring it is secure and up to date.  

If any inconsistencies arise during this process, the Microsoft Security ecosystem within the Microsoft 365 platform will request additional validations or take other actions defined under the security policies and Zero Trust criteria. If Stephanie’s device does not meet the security requirements, for example because of outdated antivirus or a missing security policy, the login process will be redirected to an isolated virtual network to update the policies and patches.

10am - accessing applications

Having checked her emails and caught up with the team, Stephanie needs to access a SharePoint site to work on campaign materials for a new confidential product launch. Microsoft Entra ID evaluates Stephanie’s request based on her role, location, device compliance, and the application's sensitivity. Conditional Access policies ensure that only the necessary access is granted, aligning with the principle of least privilege. Microsoft Defender for Identity manages identity risk and detects advanced identity-based cyberthreats across an organisation in real time. As Stephanie meets the requirements and does not pose any risk level, she gains access to the files she needs to work on.

11am - data protection in action

Because she’s accessing sensitive documents, Microsoft Purview Information Protection automatically classifies and labels the information that Stephanie has been working on. As changes are made or new materials created, the documents are encrypted, ensuring that data is protected both in transit and at rest.

12pm - connecting from a new location

Stephanie must travel from the London office to Paris on the Eurostar to meet the French marketing team. She wants to keep working while she travels on the train. The Zero Trust system re-evaluates Stephanie’s access request, considering the new location and network. Access might be restricted, or Stephanie might be asked for additional verification, demonstrating the principle of “always verify”.

2pm - threat detection and response

Throughout the day, Microsoft 365 Defender monitors Stephanie’s device, identity, apps, etc. for abnormal behaviours. The system has picked up that Stephanie is now in France, a different location from where she was in the morning. This potentially suspicious activity triggers an “impossible travel” alert, and the system automatically reinforces the Conditional Access controls. If confirmed as a threat – for example, logins from both London and Asia within a few minutes – the suspicious access is blocked, dramatically reducing any potential damage. In Stephanie’s situation, it is not a case of “impossible travel”, and she keeps her access without any impact on her work.

3pm - collaborating on sensitive projects

Having worked hard on getting the campaign materials ready, Stephanie needs someone from the product team to review what she has created. She sends a link to the SharePoint files to her colleague Sam. However, when Sam clicks the link to request access to the files, access is refused as he’s not been defined as a member of the marketing team and doesn’t meet the policy requirements. Sam must click a button to request access.

Because Stephanie is the owner of the materials, the access request is sent to her. She can immediately approve Sam’s request, and the two of them can collaborate on the materials together. This access to project files is controlled through Microsoft Entra ID, with permissions dynamically adjusted based on the project's sensitivity and participants' roles.

5.30pm - end-of-day sign-off

As Stephanie logs off, the system continues to monitor for any unusual activity associated with the user's identity or device, ready to respond to threats even when she is not active.

10pm - mobile check in

After dinner with the French team, Stephanie wants to check her emails. She uses her mobile phone. She runs through a similar authentication sign-in again, with Entra ID running in the background to ensure that this login from a new device is still her. Also, the AmazingTrips security policy might ask Stephanie to enrol her mobile in Microsoft Intune, to guarantee this device’s protection.

Continuous improvement

Telemetry and security analytics collected throughout the day feed into Microsoft Sentinel. This data helps refine security policies and threat detection, ensuring AmazingTrips’ Zero Trust posture adapts to new challenges.

Secure work from anywhere

Every day, AmazingTrips’ Zero Trust architecture continuously evaluates and re-evaluates trust each time a user or device requests access to resources. This dynamic approach ensures that security is maintained regardless of the user's location, device, or network environment.

As a day in the life of Stephanie shows, a Zero Trust approach to security means that she can work from anywhere, collaborate with colleagues, work on highly sensitive documents and still remain secure. If requests are made by unapproved users, they can be verified without dramatically slowing the flow of work. And if the users want to change locations or devices throughout the day, they can, confident that they can securely access their work.

Want to learn more?

Understand some of the common misconceptions about Zero Trust

Envision the art of the possible

If you want to understand your current security score and how you can move towards a Zero Trust model, request a free one hour envision workshop with SoftwareOne*.

*Subject to regional availability.
