How does Azure implement zero-trust security architecture?
Answer
Zero trust in Azure is built on Microsoft's three principles: verify explicitly, use least-privilege access, and assume breach. The controls that implement them, by layer:

- Identity: Microsoft Entra ID (formerly Azure AD) with Conditional Access policies, which evaluate every access attempt on user, device state, location and sign-in risk before access is granted; MFA is enforced through those policies rather than left to individual users to opt into.
- Network: microsegmentation with network security groups (NSGs) and Azure Firewall; private endpoints so PaaS services are reached over private IP addresses instead of their public endpoints; VPN or ExpressRoute for on-premises connectivity.
- Data: encryption at rest (storage service encryption, with customer-managed keys where the data warrants it) and in transit (TLS 1.2 or later); sensitivity labels through Microsoft Purview.
- Application: Defender for Cloud for vulnerability assessment; web application firewall (WAF) policies on Application Gateway and Azure Front Door.
- Endpoints: Microsoft Intune device compliance, checked by Conditional Access before access is granted.
- Infrastructure: Azure RBAC scoped as narrowly as the role allows, with Privileged Identity Management (PIM) for just-in-time, time-bound activation of admin roles instead of standing privilege.

Microsoft Defender for Cloud (formerly Azure Defender) provides unified threat detection across these layers. That is the "assume breach" side of the model: detection and response are designed on the expectation that some control will eventually fail.
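To make the identity and network controls above concrete, here is an added example (not code from the original answer or from Microsoft): it builds two Conditional Access policies in the JSON shape the Microsoft Graph API accepts, and an NSG rule set for a web tier, then evaluates sample sign-ins and packets against them. The evaluation functions are a simplified, local model of how Entra ID and NSGs decide, written for illustration; the object ID, subnet and user names are hypothetical, and the sign-in records are constructed inline.

```python
"""Constructed local model of two controls from the answer above: a Conditional
Access policy set (Microsoft Graph conditionalAccessPolicy shape) and an NSG rule
set. The evaluation functions are simplified stand-ins for the Entra ID and
NSG engines, written for illustration; they are not Azure code."""
import ipaddress
from dataclasses import dataclass

# Hypothetical object ID of an emergency-access account excluded from both policies.
BREAK_GLASS_USER = "11111111-1111-1111-1111-111111111111"


def build_policies() -> list:
    """Two policies as you would POST them to /identity/conditionalAccess/policies."""
    # "All" is the literal value the Graph API accepts for these include lists.
    scope = {"users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_USER]},
             "applications": {"includeApplications": ["All"]}}
    baseline = {
        "displayName": "ZT-01 Require MFA and compliant device",
        "state": "enabled",
        "conditions": dict(scope),
        # operator AND: every listed control must be satisfied before access is granted.
        "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]},
    }
    risk_block = {
        "displayName": "ZT-02 Block high sign-in risk",
        "state": "enabled",
        # signInRiskLevels narrows the policy to attempts Identity Protection rated "high".
        "conditions": dict(scope, signInRiskLevels=["high"]),
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }
    return [baseline, risk_block]


@dataclass
class SignIn:
    """The signals Conditional Access evaluates for one access attempt."""
    user_id: str
    app_id: str
    sign_in_risk: str = "none"        # none | low | medium | high
    mfa_satisfied: bool = False
    device_compliant: bool = False    # Intune compliance state reported for the device


def _applies(policy: dict, s: SignIn) -> bool:
    """A policy is in scope only if the user and app match and the risk filter (if any) matches."""
    c = policy["conditions"]
    users, apps = c["users"], c["applications"]["includeApplications"]
    if policy["state"] != "enabled" or s.user_id in users.get("excludeUsers", []):
        return False
    if "All" not in users["includeUsers"] and s.user_id not in users["includeUsers"]:
        return False
    if "All" not in apps and s.app_id not in apps:
        return False
    risk_levels = c.get("signInRiskLevels", [])
    return not risk_levels or s.sign_in_risk in risk_levels


def evaluate(policies: list, s: SignIn) -> dict:
    """Block wins outright; otherwise every applicable policy's grant controls must be met."""
    satisfied = {"mfa": s.mfa_satisfied, "compliantDevice": s.device_compliant}
    unmet = []
    for p in (p for p in policies if _applies(p, s)):
        gc = p["grantControls"]
        if "block" in gc["builtInControls"]:
            return {"decision": "block", "policy": p["displayName"]}
        met = [satisfied.get(ctl, False) for ctl in gc["builtInControls"]]
        if not (all(met) if gc["operator"] == "AND" else any(met)):
            unmet.append(p["displayName"])
    return {"decision": "grant" if not unmet else "challenge", "unmet": unmet}


# Microsegmentation: a web-tier NSG that admits HTTPS only from the Application
# Gateway subnet (hypothetical 10.0.1.0/24) and explicitly denies SSH from anywhere.
WEB_TIER_RULES = [
    {"name": "AllowHttpsFromAppGw", "priority": 100, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "443"},
    {"name": "DenySshFromAnywhere", "priority": 200, "direction": "Inbound",
     "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]
# Azure appends default rules; DenyAllInBound (65500) is the one that matters here
# (the AllowVnetInBound / AllowAzureLoadBalancerInBound service-tag rules are omitted).
DEFAULT_RULES = [{"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
                  "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "*"}]


def nsg_decision(rules: list, src_ip: str, dst_port: int, direction: str = "Inbound") -> str:
    """NSG semantics: rules are tried in ascending priority and the first match wins,
    so a permissive rule with a lower number silently overrides a later Deny."""
    for r in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if r["direction"] != direction:
            continue
        src_ok = r["sourceAddressPrefix"] == "*" or ipaddress.ip_address(src_ip) in \
            ipaddress.ip_network(r["sourceAddressPrefix"], strict=False)
        if src_ok and r["destinationPortRange"] in ("*", str(dst_port)):
            return r["access"]
    return "Deny"   # unreachable while DenyAllInBound is present; kept as a safe default


if __name__ == "__main__":
    pol = build_policies()
    print(evaluate(pol, SignIn("alice", "app", mfa_satisfied=True)))           # challenge: no compliant device
    print(evaluate(pol, SignIn("alice", "app", sign_in_risk="high",
                               mfa_satisfied=True, device_compliant=True)))   # block: ZT-02
    print(nsg_decision(WEB_TIER_RULES, "203.0.113.7", 22))                    # Deny
```

Two things the model makes visible that the prose does not: an excluded break-glass account falls outside both policies entirely, so it is granted even at high risk, which is why such accounts need their own monitoring; and an NSG Deny only protects if nothing with a lower priority number already allowed the traffic, so review rule order, not just rule presence.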