Example of how Zero Trust architecture enables Stephanie to work flexibly and securely
9am - user logs in
Stephanie begins her day by signing into her laptop. She inputs her username and password. Unbeknownst to her, her device is connecting to Microsoft Entra ID (previously Azure AD), which checks that she is a recognised employee at AmazingTrips. She is asked to confirm her identity by clicking a button in the Microsoft Authenticator app on her phone. This Multi-Factor Authentication (MFA) is required to ensure that no-one has accessed Stephanie’s laptop without her knowledge. From the security team’s perspective, it means the user's identity is strongly verified.
Device compliance check
Before granting Stephanie access, the system checks the device's compliance status through Microsoft Intune (Endpoint Manager). The device must meet the organisation's security policies, ensuring it is secure and up to date.
If any inconsistencies arise during this process, the Microsoft Security ecosystem within the Microsoft 365 platform will request additional validation or take other actions defined by the security policies and Zero Trust criteria. If Stephanie’s device does not meet the security requirements, e.g. outdated antivirus or a missing security policy, the login process will be redirected to an isolated virtual network to update the policies and patches.
10am - accessing applications
Having checked her emails and caught up with the team, Stephanie needs to access a SharePoint site to work on campaign materials for a new confidential product launch. Microsoft Entra ID evaluates Stephanie’s request based on her role, location, device compliance, and the application's sensitivity. Conditional Access policies ensure that only the necessary access is granted, aligning with the principle of least privilege. Microsoft Defender for Identity manages identity risk and detects advanced identity-based cyberthreats across an organisation in real time. As Stephanie meets the requirements and does not present any risk, she gains access to the files she needs to work on.
11am - data protection in action
Because she’s accessing sensitive documents, Microsoft Purview Information Protection automatically classifies and labels the information that Stephanie has been working on. As changes are made or new materials created, the documents are encrypted, ensuring that data is protected both in transit and at rest.
12pm - connecting from a new location
Stephanie must travel from the London office to Paris on the Eurostar to meet the French marketing team. She wants to keep working while she travels on the train. The Zero Trust system re-evaluates Stephanie’s access request, considering the new location and network. Access might be restricted, or Stephanie might be asked for additional verification, demonstrating the principle of “always verify”.
2pm - threat detection and response
Throughout the day, Microsoft 365 Defender monitors Stephanie’s device, identity, apps, etc. for abnormal behaviours. The system has picked up that Stephanie is now in France, a different location from where she was in the morning. This potentially suspicious activity triggers an “impossible travel” alert, and the system automatically reinforces Conditional Access. If it is confirmed as a threat – for example, logins from both London and Asia within a few minutes – the suspicious access is blocked, dramatically reducing any potential damage. In Stephanie’s situation, it’s not a case of “impossible travel” and she keeps her access, without any impact on her work.
3pm - collaborating on sensitive projects
Having worked hard on getting the campaign materials ready, Stephanie needs someone from the product team to review what she has created. She sends a link to the SharePoint files to her colleague Sam. However, when Sam clicks the link to request access to the files, access is refused as he’s not been defined as a member of the marketing team and doesn’t meet the policy requirements. Sam must click a button to request access.
The access request is sent to Stephanie as the owner of the materials. She can immediately approve Sam’s request, and the two of them can collaborate on the materials together. This access to project files is controlled through Microsoft Entra ID, with permissions dynamically adjusted based on the project's sensitivity and participants' roles.
5.30pm - end-of-day sign-off
As Stephanie logs off, the system continues to monitor for any unusual activity associated with the user's identity or device, ready to respond to threats even when she is not active.
10pm - mobile check in
After dinner with the French team, Stephanie wants to check her emails. She uses her mobile phone. She runs through a similar authentication sign-in again, with Entra ID running in the background, ensuring that this login from a new device is still her. Also, AmazingTrips’ security policy might require Stephanie to enrol her mobile in Microsoft Intune, to guarantee this device’s protection.
Continuous improvement
Telemetry and security analytics collected throughout the day feed into Microsoft Sentinel. This data helps refine security policies and threat detection, ensuring AmazingTrips’ Zero Trust posture adapts to new challenges.