Domain 1: M365 Core Features & Objects, Module 6 of 10

Zero Trust: Never Trust, Always Verify

Zero Trust is the security philosophy behind everything in Microsoft 365. Three principles that change how you think about security, and that the exam tests heavily.

What is Zero Trust?

Simple explanation

Imagine a building where everyone has to show ID at every door, not just the front entrance.

In the old security model, once you got past the front door (the corporate firewall), you were trusted everywhere. Walk freely, open any office, access any file.

Zero Trust says: no. Every door checks your ID. Every time. Even if you just walked through the door next to it. Even if you work here. Even if you’ve been here for 20 years.

Why? Because threats come from inside too. A compromised account, a stolen laptop, a malicious insider: if they're already "inside," the old model can't stop them.

The three core principles

These three principles are tested on almost every security question:

  • Verify explicitly. What it means: always authenticate and authorise based on all available data points. Example: check the user's identity, device health, location, AND the sensitivity of what they're accessing.
  • Use least privilege access. What it means: give only the minimum permissions needed, for only as long as needed. Example: Maya gets Exchange Admin (not Global Admin); PIM gives time-limited elevation.
  • Assume breach. What it means: design systems as if an attacker is already inside. Example: segment networks, encrypt data at rest and in transit, monitor for anomalies.

Exam tip: recognising Zero Trust principles in questions

The exam often describes a scenario and asks "which Zero Trust principle does this follow?"

Pattern recognition:

  • If the answer involves checking multiple factors before granting access → Verify explicitly
  • If the answer involves limiting permissions or time-bound access → Least privilege
  • If the answer involves monitoring, segmentation, or encryption → Assume breach

Sometimes questions combine principles: "Check the user's device compliance (verify explicitly) and only grant read access (least privilege) to sensitive files."

Zero Trust in Microsoft 365: the six pillars

Microsoft applies Zero Trust across six areas:

Zero Trust pillars and their M365 implementations (pillar: M365 service; example):

  • 🆔 Identity: Microsoft Entra ID; MFA, Conditional Access, PIM
  • 💻 Devices: Intune, Defender for Endpoint; device compliance, health checks
  • 📱 Applications: Entra App Registration, Defender for Cloud Apps; app permissions, shadow IT detection
  • 📄 Data: Microsoft Purview; sensitivity labels, DLP, encryption
  • 🏗️ Infrastructure: Azure, Defender for Cloud; secure configurations, monitoring
  • 🌐 Networks: Global Secure Access; network segmentation, secure connections

Scenario: Clearfield Council implements Zero Trust

Director Chen rolls out Zero Trust across Clearfield Council:

  1. Identity: MFA required for all users + Conditional Access blocks sign-ins from unknown locations
  2. Devices: Only Intune-managed devices can access M365 (personal phones blocked)
  3. Applications: All third-party apps require admin approval before users can consent
  4. Data: Sensitivity labels auto-applied to documents containing personal data
  5. Infrastructure: All admin accounts require PIM activation (time-limited, approved)
  6. Networks: Remote access only through Global Secure Access (no open VPN)

Each layer adds protection. If one layer fails (e.g., a password is compromised), the other layers still protect the organisation.
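The Identity and Devices steps of the scenario, expressed as two Conditional Access policies created through the Microsoft Graph PowerShell SDK. This is an added example, not part of the course or of Microsoft's documentation; it assumes the Microsoft.Graph module is installed, an admin signed in with the Policy.ReadWrite.ConditionalAccess scope, and a placeholder break-glass account ID that you must replace.

```powershell
# Added example (not from the course): Conditional Access policies for the
# Clearfield Council scenario, via the Microsoft Graph PowerShell SDK.
# Assumes Microsoft.Graph is installed and the admin can consent to the scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder: object ID of an emergency-access (break-glass) account. Excluding
# it means a misconfigured policy cannot lock every administrator out.
$breakGlassId = "<BREAK-GLASS-ACCOUNT-OBJECT-ID>"

# Policy 1 (verify explicitly): every sign-in, to any cloud app, must pass MFA
# AND come from a compliant (Intune-managed) device. Personal phones that are
# not enrolled fail the compliantDevice control, as the scenario requires.
$requireMfaAndCompliantDevice = @{
    displayName   = "ZT01 - Require MFA and compliant device"
    state         = "enabledForReportingButNotEnforced"  # report-only first; set to "enabled" after reviewing sign-in logs
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"                    # both controls are required
        builtInControls = @("mfa", "compliantDevice")
    }
}

# Policy 2 (assume breach): block sign-ins from any location that is not a
# named trusted location, i.e. the "unknown locations" rule in the scenario.
$blockUnknownLocations = @{
    displayName   = "ZT02 - Block sign-ins from untrusted locations"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

foreach ($policy in @($requireMfaAndCompliantDevice, $blockUnknownLocations)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' (state: $($created.State), id: $($created.Id))"
}
```

Both policies start in report-only mode so the sign-in logs show who would have been blocked before anything is enforced; the break-glass exclusion is what keeps "assume breach" from turning into "lock everyone out".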

Microsoft Secure Score

Secure Score is a measurement of your organisation’s security posture:

  • Scores range from 0 to a maximum based on your subscriptions
  • Higher = more secure
  • Based on recommended actions (enable MFA, block legacy auth, etc.)
  • Found in the Microsoft Defender portal (security.microsoft.com)

Key exam concept: Secure Score tells you HOW well you've implemented Zero Trust. It's a dashboard, not a policy: it recommends actions but doesn't enforce them.

Flashcards

Question

What are the three core Zero Trust principles?

Answer

1) Verify explicitly: always authenticate using all available data. 2) Use least privilege access: minimum permissions, minimum time. 3) Assume breach: design as if an attacker is already inside.

Question

What are the six pillars of Zero Trust in Microsoft 365?

Answer

Identity (Entra ID), Devices (Intune/Defender), Applications (app controls), Data (Purview), Infrastructure (Azure/Defender), Networks (Global Secure Access).

Question

What is Microsoft Secure Score?

Answer

A measurement of your organisation's security posture, based on recommended actions. Found in the Microsoft Defender portal. It recommends improvements but doesn't enforce them: it's a dashboard, not a policy.

Knowledge Check

Northwave's CISO Jordan wants to ensure that even if an employee's password is compromised, an attacker can't access sensitive files. Which Zero Trust principle should Jordan focus on?

Knowledge Check: select all that apply

Maya assigned a temporary Global Admin role to herself for 4 hours to perform a critical configuration change, which then automatically revoked. Which TWO Zero Trust principles does this demonstrate? (Select 2)

Next up: Authentication. From passwords to passkeys, the methods Microsoft 365 uses to prove you are who you say you are.