These posters and technical diagrams give you information about deployment and implementation steps to apply the principles of Zero Trust to Microsoft cloud services, including Microsoft 365 and Microsoft Azure.
Zero Trust is a security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."
As an IT architect or implementer, you can use these resources for deployment steps, reference architectures, and logical architectures to more quickly apply Zero Trust principles to your existing environment for:
Microsoft 365
Microsoft Copilot for Microsoft 365
Azure services:
Azure IaaS Azure Virtual WANYou can download the following types of illustrations:
A PDF file. A Microsoft Visio file (if ailable). A Microsoft PowerPoint file (if ailable).To use the same set of icons and templates in the Visio or PowerPoint files, get the downloads in Microsoft 365 architecture templates and icons.
Zero Trust for Microsoft 365This illustration provides a deployment plan for applying Zero Trust principles to Microsoft 365.
Item Description PDF | Visio Updated March 2024 Use this illustration together with this article: Microsoft 365 Zero Trust deployment planRelated solution guides
Deploy your identity infrastructure for Microsoft 365Recommended identity and device access configurationsManage devices with IntuneEvaluate and pilot Microsoft Defender XDRDeploy an information protection solution with Microsoft PurviewDeploy information protection for data privacy regulations with Microsoft 365 Zero Trust for Microsoft Copilot for Microsoft 365Adopting Microsoft Copilot for Microsoft 365 or Copilot is a great incentive for your organization to invest in Zero Trust. This set of illustrations introduces new logical architecture components for Copilot. It also includes security and deployment recommendations for preparing your environment for Copilot. These recommendations align with Zero Trust recommendations and help you begin this journey, even if your licenses are Microsoft 365 E3.
Item Description PDF | Visio Updated November 2023 Copilot combines the power of large language models (LLMs) with your data in the Microsoft Graph (calendar, emails, chats, documents, meetings, and more) and the Microsoft 365 apps to provide a powerful productivity tool.This series of illustrations provides a view into new logical architecture components. It includes recommendations for preparing your environment for Copilot with security and information protection while assigning licenses.
Apply Zero Trust to Azure IaaS components posterThis poster provides a single-page, at-a-glance view of the components of Azure IaaS as reference and logical architectures. It also provides the steps to ensure that these components he the "never trust, always verify" principles of the Zero Trust model applied.
Item Description PDF | Visio Updated June 2024 Use this poster together with this article: Apply Zero Trust principles to Azure IaaS overviewRelated solution guides
Azure Storage servicesVirtual machinesSpoke virtual networks (VNets)Hub VNets Diagrams for applying Zero Trust to Azure IaaS componentsYou can also download the technical diagrams used in the Zero Trust for Azure IaaS series of articles. These diagrams are an easier way to view the illustrations in the article or modify them for your own use.
Item Description PDF | Visio Updated June 2024 Use these diagrams together with the articles starting here: Apply Zero Trust principles to Azure IaaS overviewRelated solution guides
Azure Storage servicesVirtual machinesSpoke VNetsHub VNets Zero Trust for Azure Virtual WAN diagramsThese diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual WAN. These diagrams are an easier way to view the illustrations in the article or modify them for your own use.
Item Description PDF | Visio Updated March 2024 Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual WAN Zero Trust for Azure Virtual Desktop diagramsThese diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual Desktop. These diagrams are an easier way to view the illustrations in the article or modify them for your own use.
Item Description PDF | Visio Updated March 2024 Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual Desktop Zero Trust Identity and Device Access PoliciesThis illustration shows the set of Zero Trust identity and device access policies for three levels of protection: Starting point, Enterprise, and Specialized security.
Item Description PDF Updated March 2024 Use this illustration together with this article: Recommended identity and device access configurationsRelated solution guides
Plan your Microsoft 365 Zero Trust deploymentDeploy your identity infrastructure for Microsoft 365Manage devices with IntuneEvaluate and pilot Microsoft 365 DefenderDeploy an information protection solution with Microsoft PurviewDeploy information protection for data privacy regulations with Microsoft 365 Common attacks and how Microsoft capabilities for Zero Trust can protect your organizationLearn about the most common cyber attacks and how Microsoft capabilities for Zero Trust can help your organization at every stage of an attack. Also use a table to quickly link to Zero Trust documentation for common attacks based on technology pillars such as identities or data.
Item Description PDF |Visio Updated February 2024 Use this illustration together with this article: Zero Trust deployment for technology pillars Other Microsoft security posters and illustrationsThese other Microsoft security posters and illustrations are ailable:
Microsoft Intune enrollment options: PDF | Visio
An overview of the three phases as layers of protection against ransomware attackers: PDF. Use this poster together with the What is ransomware? article.
An overview of how Microsoft's SecOps team does incident response to mitigate ongoing attacks: PDF
The Security Best Practices slide presentation: PDF|PowerPoint
The top 10 Azure Security best practices: PDF|PowerPoint
The phishing, password spray, app consent grant incident response playbook workflows: PDF|Visio
Next stepsUse the following Zero Trust content based on a documentation set or the roles in your organization.
Documentation setFollow this table for the best Zero Trust documentation sets for your needs.
Documentation set Helps you... Roles Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation. Security architects, IT teams, and project managers Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas. IT teams and security staff Zero Trust for small businesses Apply Zero Trust principles to small business customers. Customers and partners working with Microsoft 365 for business Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection. Security architects and IT implementers Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance Apply Zero Trust protections to your Microsoft 365 organization. IT teams and security staff Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots. IT teams and security staff Zero Trust for Azure services for stepped and detailed design and deployment guidance Apply Zero Trust protections to Azure workloads and services. IT teams and security staff Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions. Partner developers, IT teams, and security staff Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application. Application developers Your roleFollow this table for the best documentation sets for your role in your organization.
Role Documentation set Helps you... Security architectIT project manager
IT implementer
Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation. Member of an IT or security team Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas. Customer or partner for Microsoft 365 for business Zero Trust for small businesses Apply Zero Trust principles to small business customers. Security architectIT implementer
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection. Member of an IT or security team for Microsoft 365 Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance for Microsoft 365 Apply Zero Trust protections to your Microsoft 365 organization. Member of an IT or security team for Microsoft Copilots Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots. Member of an IT or security team for Azure services Zero Trust for Azure services for stepped and detailed design and deployment guidance Apply Zero Trust protections to Azure workloads and services. Partner developer or member of an IT or security team Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions. Application developer Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application.