Describe the Concept of Zero Trust

1) Verify Explicitly

• For every interaction, re-authenticate and verify the access

• Look for any anomalies in that interaction

2) Least Privileges

• Only grant the permissions absolutely necessary

3) Assume Breach

• Assume bad actors on the network at all times

Look at the context of the request to determine the overall risk and then control what you will let that service actually do

• Azure AD Premium provides conditional access control