In this document, we will share guiding principles for implementing a Zero Trust security model and a maturity model to help assess your Zero Trust readiness and plan your own implementation journey. While every organization is different and each journey will be unique, we hope the Microsoft Zero Trust Maturity Model will expedite your progress.
Cloud applications and the mobile workforce have redefined the security perimeter. Employees are bringing their own devices and working remotely. Data is being accessed outside the corporate network and shared with external collaborators such as partners and vendors. Corporate applications and data are moving from on-premises to hybrid and cloud environments.
The new perimeter isn’t defined by the physical location(s) of the organization—it now extends to every access point that hosts, stores, or accesses corporate resources and services. Interactions with corporate resources and services now often bypass on-premises perimeter-based security models that rely on network firewalls and VPNs. Organizations that rely solely on on-premises firewalls and VPNs lack the visibility, solution integration, and agility to deliver timely, end-to-end security coverage.
Today, organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located. This is the core of Zero Trust.