12. In einer optimalen Zero-Trust-Implementierung sind Ihre digitalen Assets verbunden und in der Lage, das
Signal zu liefern, das erforderlich ist, um fundierte Zugriffsentscheidungen mithilfe automatisierter
Richtliniendurchsetzung zu treffen.
13. In drei Schritten zu Zero Trust
1. Automatisierte Identitäts- &
Zugriffsverwaltung
2. Zentrales Unified Endpoint
Management
3. Privilegierte
Benutzerrechtevergabe &
Applikationsmanagement
14. Zero Trust Reifegradmodell
Das Zero Trust-
Reifegradmodell
Mit diesen Grundprinzipien,
einer Übersicht des End-to-End-
Frameworks und einem
skalierbaren Reifegradmodell
verfügen Sie über das nötige
Wissen, um den Zero Trust-
Fortschritt im Unternehmen zu
bewerten, Stakeholder zu
informieren und die nächsten
Schritte zu priorisieren.
Leitfaden herunterladen
17. Microsoft Intelligent Security Association
• Collaboration
strengthens protection
• Teaming up with our security partners to
build an ecosystem of intelligent security
solutions that better defend against a
world of increased threats
20. Identity Data
Networking
Devices Apps Infrastructure
Logical Components of a Zero Trust Architecture
Evolving Zero Trust—Lessons learned and emerging trends - Microsoft Security Blog
21. Was bedeutet Zero Trust?
Workloads
Endgeräte
Personen Intelligenz Daten
22. Guiding Principles and Standards
• Principles are high-level statements of the values that guide IT and the
Business, e.g. “Information is an asset”. They are universally agreed
truths. They guide and shape the lower-level artefacts; standards and
policies.
• Principles change very little – if at all – over time.
• The objectives should change very little over time, as they are
foundations of Zero Trust and an organization’s Cybersecurity
strategy.
• Strategies are long-term missions that do not frequently change.
Therefore, the Principles are best tied to strategic objectives.
• Standards define the specification to which we do something, e.g. “Data-
at-rest must be encrypted using AES 128 bit or better”.
• Standards change, they improve and become obsolete.
• They are closer to technology.
• Design decisions are shaped by standards and principles and will
prescribe a product and configuration. e.g. “Disks shall be encrypted
using Microsoft BitLocker”.
• Principles are not tangible, so appropriate standards and policies must be
defined and enforced in order to implement the Principles.
24. Defender for
Office 365
Defender for
Endpoint
Defender for
Identity
Defend across attack chains
Phishing
mail
Open
attachment
Click a URL
Browse
a website
Exploitation
and Installation
Command
and Control
Azure AD
Identity Protection
Brute force account or use
stolen account credentials
User account is
compromised
Attacker collects
reconnaissance &
configuration data
Attacker attempts
lateral movement
Privileged account
compromised
Domain
compromised
Microsoft Cloud
App Security
Attacker accesses
sensitive data
Exfiltration
of data
Leading
indicators
History of violations
Distracted and careless
Disgruntled or disenchanted
Subject to stressors
Insider risk
management
Insider has access
to sensitive data
Anomalous
activity detected
Data
leakage
Potential
sabotage
Azure Defender
https://aka.ms/MCRA
30. Situation: Solution: Impact:
“We chose the best of suite approach with the Microsoft 365 E5 solution, and now we have
an overview of our environment that helps us to react in real time and defend against attacks
proactively.”
When Siemens began to
transition to the cloud, it
emphasized real-time, proactive
security in order to apply a Zero
Trust approach. It needed a tightly
coordinated set of security
solutions to protect identities,
data, and endpoints.
.- Thomas Mueller-Lynch, Service Owner Lead for Digital Identity, Siemens
Already committed to the
productivity-enhancing apps in
Microsoft 365, it now makes full
use of the rich security built into
the solution, including Azure
Active Directory, Microsoft
Defender for Identity, Microsoft
Endpoint Manager, Microsoft
Defender for Endpoint, and
more.
Siemens is realizing the advantages
of an encompassing security system
that is worth more than the sum of
its parts: a tightly coordinated set of
solutions that helps protect
company data and about 300,000
devices easily, efficiently—and
proactively.
Customer:
Siemens
Industry:
Manufacturing
Size:
Large (10,000+ employees)
Country:
Germany
Products and services:
Microsoft Azure Active Directory
Microsoft Cloud App Security
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Endpoint Manager
Microsoft Information Protection P2
Customer Lockbox for Azure
Read full story here
32. This track exposes participants to all the key azure services at the disposal of the organization and all the cybersecurity concepts necessary to
ensure the confidentiality, integrity and availability of all these resources and information systems. There Will be deep dive, hands-on
sessions on key areas such as Azure Security Center, Azure Sentinel, Azure Monitor, IAM, Data and Application Security.
This track will help participants acquire the skills required to secure both M365 (E3 & E5) deployments and comply with industry & territorial
data protections. Key Security concepts such as Threat Management & Protection, IAM, Application & Mobility Security, GDPR, Compliance,
Risk and Security Governance will be taught.