Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Cloud Solutions Provider (CSP)
Products
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
EmPerform
Provide people managers with flexible employee performance management software.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
PowerGov
Engage citizens with a community development app for city maintenance and management.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
Data & Analytics Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
AI Managed Services
Support for your AI technologies & ongoing strategic coaching to take your AI initiatives to the next level.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Microsoft Support Services
Flexible, routine support and environment management for critical Microsoft systems.
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
On-Demand Videos
Events
News
Learning Channels
About
Our Partners
Our Story
Locations
Awards & Recognition
Leadership
Microsoft
Our Approach
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Cloud Solutions Provider (CSP)
Products
Back
Products
EmPerform
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
Managed Services
Back
Managed Services
Azure Management Services
AI Managed Services
Security Program
Power Platform Program
Digital Workplace Program
Data & Analytics Program
Dynamics Program
App Dev Program
Microsoft Support Services
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
On-Demand Videos
Blogs
Events
Case Studies
News
Library
Learning Channels
Contact us
About
Back
About
Locations
Our Story
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy
General Quisitive gradient background
How to Secure Remote and Hybrid Work Environments using the Zero Trust Model Part 1
April 14, 2025
Christophe Foulon
Transform your cybersecurity approach to enable secure remote work, focusing on user needs and Zero Trust principles. In Part 1 of this series, we're covering the Define Strategy and Create a Plan stages of a Zero Trust Adoption Process.
Secure Remote Work with Zero Trust Feature Image: A man works from home on a company device

Working from home—at least in part—is the new normal for many employees. This presents new challenges for IT organizations as they seek to ensure cybersecurity approaches can effectively secure remote work.  

In this blog series, I’m sharing how you can adjust your cybersecurity strategy to meet the requirements of a remote and/or hybrid workforce, where employees use personal devices and cloud services outside the corporate network.

Putting yourself in the users’ workflows and understanding what they need to accomplish their jobs will be the foundation of your ability to deploy a modern work approach and implement Zero Trust as part of your modernization effort.

How the Zero Trust Model Mitigates Challenges in Remote and Hybrid Work Cybersecurity

For SMB technology leaders, transitioning from traditional network controls to a Zero Trust model is crucial for modern security because the way employees work today is drastically different from the way they worked when most traditional infrastructure and approaches were developed.

Traditional methods rely on firewalls and VPNs, trusting user accounts and devices by default. In contrast, Zero Trust combines policies, processes, and technology to verify user identities and devices continuously, regardless of location. This approach ensures robust security from cloud to edge, protecting your network, data, and applications whether employees are in the office, at home, or on the go.

Secure Remote Work with Zero Trust Strategy Image 1 - Data being passed from limited known locations to unknown locations
Retrieved from Secure remote and hybrid work with Zero Trust | Microsoft Learn

The adoption cycle for securing remote and hybrid work

Secure Remote Work with Zero Trust Adoption Process

Securing remote and hybrid work with Zero Trust requires implementing basic yet advanced security measures. This involves policy enforcement and monitoring for all access to your organization’s resources using a full end-to-end lifecycle approach.

This article discusses this business scenario through the phases of the Cloud Adoption Framework for Azure, adapted for Zero Trust:

  1. Define Strategy: Specify successful outcomes & align the organization
  2. Create a Plan: Identify stakeholders, create technical plans, and understand required skills
  3. Get Ready: Evaluate current standing and test your plan
  4. Adopt Zero Trust: Implement your strategy across your environment and organization.
  5. Govern and Manage: Monitor your environment and iterate for continuous improvement.

In this first blog, we’ll dive into the first two stages of the Zero Trust Adoption Cycle: Define Strategy and Create a Plan.

Secure Remote Work with Zero Trust Adoption Process - Define Strategy

Stage 1: Defining Your Strategy for Secure Remote Work

The Define Strategy phase is essential for articulating and formalizing our approach to addressing the underlying reasons for this scenario. During this phase, we examine the scenario from business, IT, operational, and strategic perspectives.

We specify the outcomes to measure success within the scenario, recognizing that security is a progressive and iterative process.

Examples of Motivations and Outcomes to Define Your Strategy

Securing remote and hybrid work is essential, but different parts of the organization have various incentives. The following table highlights these motivations:

Business NeedsProvide secure access to information anytime, anywhere on any device, managing data access risks without compromising security.
IT NeedsStandardize identity platforms for both human and non-human identities, eliminate VPN needs, and manage corporate and BYOD devices remotely while ensuring a seamless user experience.
Operational NeedsStandardize existing security solutions, lower management effort for secure identities, and improve identity governance by managing user access effectively.
Strategic NeedsStandardize existing security solutions, lower management effort for secure identities, and improve identity governance by effectively managing user access.

Strategies for Implementing Zero Trust to Secure Remote Work

To be productive, users must be able to use:

  • Their user account credentials to verify their identity.
  • Their endpoint (device), such as a PC, tablet, or phone.
  • The applications you have provided to them.
  • The data required to perform their job.

Understanding how they use these components as part of their role becomes a cornerstone of your approach. To help break this down, you can look at the network over which traffic flows between devices and applications, whether the user and their device are on-premises or on the internet.

Attackers target each one of these elements and must be protected according to the Zero Trust principle: “never trust, always verify.”

ProductivityOrganizations aim to extend productivity securely to users and their devices without limiting employee capabilities based on workforce location.
Safe AccessCompany data and applications need to be accessed by authorized employees securely to protect company intellectual property and personal data.
Support End UsersAs organizations adopt a hybrid workforce approach, employees require additional application and platform capabilities for a secure and mobile work experience.
Increase SecurityThe security of current or proposed work solutions needs enhancement to help organizations adapt to mobile workforce requirements. Security capabilities should match or exceed those available to the on-premises workforce.
Empower ITThe IT team focuses on securing the workplace starting with the employee’s user experience, without significantly increasing friction for users. Additionally, the IT team requires processes and visibility for governance and the ability to detect and mitigate cyberattacks.
Secure Remote Work with Zero Trust Adoption Process - Create a Plan

Stage 2: Create a Plan

Adoption plans transform the aspirational goals of a Zero Trust strategy into a practical framework. These plans provide technical teams with guidance on how to align their efforts with the organization’s business objectives.

The defined motivations and outcomes, developed in collaboration with business leaders and teams, articulate the rationale behind the strategy. They serve as the guiding principles, or North Star, for executing the strategy. The later step involves detailed technical planning to achieve these objectives.

The following exercises are intended to assist in implementing your organization’s technology strategy. They support Zero Trust adoption initiatives by identifying and prioritizing essential tasks. Upon completing this process, you will have a thorough cloud adoption plan that aligns with the metrics and motivations outlined in the cloud adoption strategy.

Implementing security for remote and hybrid work environments requires a phased strategy to enforce Zero Trust principles across identities, devices, and applications. This includes the following requirements:

  • Multifactor authentication (MFA) with Conditional Access must be applied to all user identities accessing the environment.
  • Devices should be enrolled in device management systems and continuously monitored for health status.
  • Access to applications and their data should require verification of identities, healthy devices, and proper data access permissions.

Organizations can achieve these deployment objectives by adopting a four-stage approach, as outlined in the following chart:

Secure Remote Work Zero Trust Image - Alignment chart

Some additional resources from Microsoft you can use as part of your approach include a downloadable PowerPoint slide deck to present and report on your progress through these stages and objectives to business leaders and other stakeholders. Here’s the slide for this business scenario.

Additionally, you can use this Excel workbook to assign owners and track your progress for these stages, objectives, and tasks.

If your organization follows a particular Governance Risk & Compliance (GRC) or Security Operations Center (SOC) strategy, it is essential that the technical work includes configurations that fulfill these requirements.

Understand your organization

Each organization’s needs and composition are different. A multinational enterprise with multiple applications and standardized security will implement security differently from a startup or a medium-sized organization.

Regardless of the size and complexity of your organization, consider these actions:

  • Inventory users, endpoints, apps, data, and networks to assess security status and estimate the effort needed to transform the estate.
  • Document goals and plan for incremental adoption based on priorities. For instance, start by securing identities and Microsoft 365 services, followed by endpoints. Then, secure apps and SaaS services using modern authentication methods and segmentation capabilities provided by Conditional Access.
  • For the principle of least privileged access, inventory accounts with privileged access and reduce them to the minimum necessary. Accounts requiring privileged access should use just-in-time and just-enough-access (JIT/JEA) to limit standing administration privileges. In case of a breach, compromised accounts are limited, minimizing the impact. Except for a “break glass” account, standing admin access should not be allowed for highly privileged roles, including application administration roles for productivity services like SharePoint, Exchange, and Teams.

Organizational planning and alignment

The implementation and governance of a secure access methodology affects several overlapping areas and is typically implemented in the order of:

  • Identities
  • Endpoints (devices)
  • Apps
  • Network

Protecting data is also essential for securing remote and hybrid work. This topic is addressed more thoroughly in Identify and protect sensitive business data.

Do not forget to take into consideration the needs of the various stakeholders, see the image below:

Retrieved from Secure remote and hybrid work with Zero Trust | Microsoft Learn

Robust data protection is essential for remote and hybrid work models. This requires a systematic deployment process, divided into four crucial stages that address specific objectives and resources. Following these stages helps safeguard sensitive business data and optimize work environments. Let’s explore how these stages contribute to a secure and efficient deployment.

Cloud adoption plan

A Zero Trust adoption plan is essential for transitioning to an advanced security strategy that includes change management and governance. It covers securing identities, endpoints, apps, and networks, both existing and new. Planning for remote and hybrid work involves protecting current identities and creating new ones that meet security standards.

Training staff is crucial:

  • Train administrators on new privileged access methods to reduce friction.
  • Equip Helpdesk and IT personnel with a clear security message that balances attacker friction with secure working benefits.
  • Create user adoption materials to ensure an understanding of security as a shared responsibility aligned with business goals.

For more information from the Cloud Adoption Framework, see the Plan for cloud adoption.

Continue with this Series!

In part 2, I’ll be talking about the final 3 phases of the Zero Trust Adoption Strategy: Get Ready, Adopt Zero Trust, and Govern & Manage!

Related posts
|
Read more
PDF Preview Image Cloud Security Checklist
Security | 10 Apr
Cloud Security Checklist
Read more
Building A Data Governance Strategy with Microsoft Purview: Purview logo is overlaid on coded data on a screen
Security | 9 Apr
7 Steps to Unlocking the Power of Microsoft Purview for a Comprehensive Data Governance Strategy
Read more
Blog Feature Image Secure AI for SMBs - Business Leaders converse
Security | 2 Apr
AI for SMBs: Implementing Efficient and Secure AI
Read more