Microsoft Zero Trust Security: Generative AI Enhances Identity and Network Access Protection

2023-11-21

Microsoft's vision for zero trust security focuses on generative AI and reflects the need for continuous improvement in identity and network access to combat complex cyber attacks. Many of their security announcements at Ignite 2023 reflect their efforts to build a future of zero trust with greater adaptability and context intelligence.




Zero trust is at the core of Microsoft's future

At the Ignite 2023 conference, Microsoft made it clear that their shift towards a trust model is identity-based. Zero trust permeates their security strategy, and their identity-centric approach to defining and delivering Security Service Edge (SSE) solutions reflects their focus and scale. Their SSE solutions are based on Microsoft Entra Internet Access and Private Access, as well as Defender for Cloud Apps.

"We must always assume breach, and that means constant monitoring. That means a lot of logs. That means everything needs to constantly emit data to help you trust it," said Alex Simons, Corporate Vice President of Identity and Network Access at Microsoft, during the "Accelerate Your Zero Trust Journey with Unified Access Control" session.

Simons continued, "Our conditional access policy engine is at the core. It allows you to describe your corporate policies in one place, who should be able to access what resources on what devices, and under what time and risk level, all consolidated in one place."

Simons emphasized Microsoft's full commitment to the core principles of zero trust. He explained that verifying identity, granting least-privilege access, and assuming breach are the cornerstones of Microsoft's development in zero trust, identity and network access, and security service edge. Simons stressed that Microsoft is fully dedicated to the trust framework they have created, where every identity, resource, request to a resource, and location is constantly validated.

The zero trust conference on Thursday also highlighted the importance of the conditional access policy engine and Microsoft Entra for Microsoft's future in zero trust. Entra's privilege management is crucial to Microsoft's zero trust security strategy because it enforces least-privilege access and provides a unified interface for managing and monitoring permissions in multi-cloud environments.

Microsoft's zero trust vision taking shape

Sinead O'Donovan, Vice President of SSE Product Management at Microsoft, provided a detailed overview of the solution roadmap that the SSE platform and the Identity and Network Access team are working towards.

O'Donovan stated that the team plans to deliver six key elements of the zero trust-based SSE solution roadmap this quarter, with a focus on secure gateways and VPN alternatives. In the first half of 2024, Microsoft will introduce Microsoft Internet Access and Private Access for the general public. The future roadmap also includes more solutions to strengthen their zero trust strategy, including improved network DLP, BYOD, threat protection, and firewall support.

Microsoft unveiled a new Unified Security Operations Platform suite at Ignite 2023, integrating Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Security Copilot. Enterprise customers will gain continuous monitoring and adaptive threat response through the integration of SIEM, XDR, and AI, which is crucial in zero trust to ensure detection and mitigation of threats across network segments.

When asked why Microsoft is now integrating security components and entering the XDR market, Meulen stated, "Security practitioners highly value the detection quality provided by XDR and the flexibility of SIEM. However, many are asking themselves... why do I need two separate products for detection and response in a security operations center (XDR and SIEM)?" Meulen added, "There are several reasons for this. Chief Information Security Officers are always looking for opportunities to centralize data to save costs. With XDR and SIEM being separate, the data used for detection and investigation is stored in two different places, which is frustrating for security teams that already have to justify high SIEM budgets."

Meulen also mentioned that security analysts want to simplify detection, investigation, and response in a unified analyst experience. Meulen explained that the lack of a unified analyst experience between these two products forced security analysts to frequently switch between two different views.

Meulen continued, "Consolidating these two products into one unified analyst experience streamlines the workflow for security analysts. They can now investigate and respond to events from both XDR and SIEM in one place, while still maintaining the detection quality of XDR and the flexibility of SIEM."

Overall, the security announcements at Ignite 2023 reflect the core role of identity and network access in Microsoft's broader integration strategy. Microsoft provides internal examples of adopting SSE, Entra, and Intune.

Microsoft's zero trust vision is taking shape, with generative AI playing a crucial role in helping Microsoft customers pursue the zero trust framework. Encouragingly, Microsoft recognizes the diversity and complexity of their customer environments, and their zero trust innovation is based on continuous monitoring, adaptive threat response, and strengthening all network segments to address emerging cyber threats. The table below provides an overview of security enhancements and their value in zero trust security.