Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft security best practices are designed to help organizations protect their digital estates by reducing risk, improving resilience, and enabling secure productivity.
- At the core of these best practices is the Zero Trust security model. Zero Trust assumes that threats exist both inside and outside the network, and emphasizes verifying every access request, enforcing least privilege access, and segmenting resources as we assume breach.
Zero Trust principles are reinforced through a combination of engineering best practices, frameworks, benchmarks, and assessment tools.
Best practices and recommendations
Microsoft's Secure Future Initiative (SFI)
A series of best practices and security learning based on Microsoft's multi-year efforts to increasingly secure the way in which we design, build, test, and operate our products. SFI provides a series of best practice patterns that you can learn from and implement. SFI tackles security by pillars. Objectives for each pillar align to one or more NIST Cybersecurity Framework functions.
Microsoft Entra security recommendations
Check identity and app security configuration and posture. Recommendations aligns to SFI themes. These best practices are included in the Zero Trust Assessment tool.
Microsoft Intune device security recommendations
Ensure tenant-level governance and device compliance. Protect data on devices and in transit, and enforce secure access to organizational data. These best practices are included in the Zero Trust Assessment tool.
Azure networking security best practices
Assess and harden network posture with Azure DDoS protection, Azure Firewall, Azure Web Application Firewall on Application Gateway or Azure Front Door. These best practices are included in the Zero Trust Assessment tool.
-
Check Microsoft Purview configuration settings for data security posture. These best practices are included in the Zero Trust Assessment tool.
The Microsoft Cloud Security Benchmark (MCSB)
Provides a series of best practices and recommendations for improving the security of workloads, data, and services on Azure.
Other Microsoft Defender products such as Defender for Cloud and Security Exposure Management, and Microsoft Purview Compliance Manager also monitor and assess your enterprise security posture, providing actionable security and compliance insights and recommendations.
External best practices and framework also provide Zero Trust security principles and guidance. Learn more.
Next steps
Use the links provided in this article to dig more deeply into different types of security best practices. Or:
- To kick off by assessing your current security posture, start with Zero Trust assessment.
- To get started with structured adoption, follow our Zero Trust adoption path.
- To dive into critical security outcomes that business leaders typically focus on, start with our business scenarios. To start directly with implementation for business solutions and technical pillars such as devices and data, review implementing technical solutions.