|
|
|
@ -23,7 +23,7 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru
|
|
|
|
|
|
|
|
|
|
|
|
**Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive polices, and data protection to help secure data and maintain productivity.
|
|
|
|
**Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive polices, and data protection to help secure data and maintain productivity.
|
|
|
|
|
|
|
|
|
|
|
|
**Assume breach**. Assume breach operates in a manner that minimizes blast radius and segments access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
|
|
|
|
**Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses.
|
|
|
|
|
|
|
|
|
|
|
|
For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
|
|
|
|
For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
|
|
|
|
|
|
|
|
|
|
|
|
@ -50,3 +50,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side
|
|
|
|
6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service.
|
|
|
|
6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service.
|
|
|
|
7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules.
|
|
|
|
7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules.
|
|
|
|
8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not.
|
|
|
|
8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Additional Resources
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/)
|
|
|
|
|
denisebmsft