One of the biggest issues in moving to the cloud is how to ensure the security of your data.  In the old days you would simply put up a firewall and assume everything behind it was secure, but this can’t work a Cloud environment.  Microsoft’s Azure uses hardened servers, uses multiple layers of protection, and actively monitors all networks.  But your data still needs to be accessible to anyone who needs it, without allowing anyone else.  So how do you pull off this complex issue?

To address this issue the concept called Zero Trust was developed ten years ago, which relies on the four pillars of verifying the identity of users, validating every device, limiting access and privilege, and utilizing AI to analyze user behaviors and network connections.  Microsoft and other companies have employed Zero Trust to ensure all their client’s data is secure and is one of the only proven effective ways to prevent breach attempts.

In Azure’s system, Zero Trust starts with utilizing Azure AD and Conditional Access which changes authentication, so instead of treating every login the same, you can change the requirements depending on factors like the application being accessed, the location of the request, or the risk level of the user.  Conditional Access can also authenticate devices and ensure they are compliant with Intune or another MDM system, as well as authenticated by the Domain, so you can authenticate both the user and device.  Azure also analyzes all logins with an AI system to detect behavioral anomalies, which could indicate an unauthorized attempt, as well as impossible locations, when two login attempts are detected from locations too far apart to travel between.

Azure and Office365 limits access to data and privileged operations by only granting the access that has been requested, and not simply the access the user is authorized for.  While this might result in additional authentication requests, it prevents additional actions being carried out without explicit approval from the user.  So, if an Administrator logs in to check their email, they will have to log in again to the Office 365 Admin Portal.

The last pillar, using AI to analyze behaviors and network connections, is automatically performed by Azure AD on all logins and connections to Azure and Office365.  This will alert administrators if there is an issue such as a risky login, or an attempted attack on your data.

Zero Trust has made your Azure and Office365 systems secure, but what about your on-premises systems?   Conditional Access can be applied to them too, by using Windows ADFS and AD Connect to provide strong authentication, and by using Azure AD Connect Health to extend Azure monitoring and analytics to on-premises.

By using Zero Trust, the cloud has become safer then most on-premises systems, and Microsoft is improving the security of Azure and Office365 every day.  Just don’t throw out that Firewall until everything is safely in the Cloud.