5.5 min to readDigital Workplace

Zero Trust in action

Mario GamaPractice Leader
Aerial view of a large pile of bricks being hit by the sea

In this Zero Trust blog series, we want to help any business leaders better understand what the Zero Trust security model is. In this blog, we will bring the model to life by walking you through a typical day of an employee who works in a high-performance workplace with a Zero Trust security model. Let’s go.

Zero Trust architecture enables Stephanie to work flexibly and securely

Meet Stephanie. She works in the marketing team for a global online travel company – AmazingTrips. The organisation offers a hybrid work environment, giving employees the flexibility to work from their offices, home, or even some of their travel destinations. Today Stephanie is heading into the London office for a meeting.

9am - user logs in

Stephanie begins her day by signing into her laptop. She inputs her username and password. Unbeknownst to her, her device is connecting to Microsoft Entra ID (previously Azure AD) , which checks that she is a recognised employee at AmazingTrips. She is asked to authenticate who she is by clicking a button on her Microsoft Authenticator App on her phone. This Multi-Factor Authentication (MFA) is required to ensure that no-one has accessed Stephanie’s laptop without her knowledge. From the security team’s perspective, it means the user's identity is strongly verified.

Device compliance check

Before granting Stephanie access, the system checks the device's compliance status through Microsoft Intune (Endpoint Manager). The device must meet the organisation's security policies, ensuring it is secure and up to date.

Any inconsistences during this process, Microsoft Security ecosystem, present within Microsoft 365 platform, will request additional validations or other actions defined under the security policies and Zero-Trust defined criteria. If Stephanie’s device does not meet the security requirements, i.e. Outdated antivirus or missing a security policy, the login process will be redirected to an isolated virtual network to update the policies and patches.

10am - accessing applications

Having checked her emails and caught up with the team, Stephanie needs to access a SharePoint site to work on campaign materials for a new confidential product launch. Microsoft Entra ID evaluates Stephanie’s request based on her role, location, device compliance, and the application's sensitivity. Conditional Access policies ensure that only the necessary access is granted, aligning with the principle of least privilege. Microsoft Defender for Identity manages identity risk and detect advanced identity-based cyberthreats across an organization in real time. As Stephanie meets the requirements and does not pose any risk level, she gains access to the files she needs to work on.

11am - data protection in action

Despite working with sensitive documents, Microsoft Purview Information Protection automatically classifies and labels the information that Stephanie has been working on. As changes are made or new materials created, the documents are encrypted, ensuring that data is protected both in transit and at rest.

12pm - connecting from a new location

Stephanie must travel from the London office to Paris on the Eurostar to meet the French marketing team. She wants to keep working while she travels on the train. The Zero Trust system re-evaluates Stephanie’s access request, considering the new location and network. Access might be restricted, or Stephanie might be asked for additional verification, demonstrating the principle of "always verify”.

2pm - threat detection and response

Throughout the day, Microsoft 365 Defender monitors Stephanie’s device, identity, apps, etc for abnormal behaviours. The system has picked up that Stephanie is now in France, a different country from where she was that morning. This potential suspicious activity triggers an “impossible Travel” alert, and the system automatically reinforces the Conditional Access. If confirmed as a threat – a situation of login from Lond and Asia during minutes interval, the suspicious access is blocked without any impact to Stephanie’s current access and applications, reducing dramatically any potential damage.

3pm - collaborating on sensitive projects

Having worked hard on getting the campaign materials ready, Stephanie needs someone from the product team to review what she has created. She sends a link to the SharePoint files to her colleague Sam. However, when Sam clicks the link to request access to the files, access is refused as he’s not been defined as a member of the marketing team and doesn’t meet the policy requirements. Sam must click a button to request access.

As the owner of the materials, the access request is sent to Stephanie, who can immediately approve Sam’s request and the two of them can collaborate on the materials together. This access to project files is controlled through Microsoft Entra ID, with permissions dynamically adjusted based on the project's sensitivity and participants' roles.

5.30pm - end-of-day sign-off

As Stephanie logs off, the system continues to monitor for any unusual activity associated with the user's identity or device, ready to respond to threats even when she is not active.

10pm - mobile check in

After dinner with the French team, Stephanie wants to check her emails. She uses her mobile phone. She runs through similar authentication sign on again, with Entra ID running in the background, ensuring that this log on with a new device is still her. Also AmazingTrips policy might request Sthepanie to enrol her mobile in Microsoft Intune, to guarantee this device protection.

Continuous improvement

Telemetry and security analytics collected throughout the day feed into Microsoft Sentinel. This data helps refine security policies and threat detection, ensuring AmazingTravel’s Zero Trust posture adapts to new challenges.

Secure work from anywhere

Throughout each day, AmazingTravel's Zero Trust architecture continuously evaluates and re-evaluates trust every time a user or device requests access to resources. This dynamic approach ensures that security is maintained regardless of the user's location, device, or network environment. As a day in the life of Stephanie shows, a Zero Trust approach to security means that she can work from anywhere, collaborate with colleagues, work on highly sensitive documents and still remain secure. If requests are made by unapproved users, they can be verified without dramatically slowing the flow of work. And if user’s want to change locations or devices throughout the day, they can, confident that they can securely access their work.

Want to learn more?

Understand some of the common misconceptions about Zero Trust.

blue digital waves

Envision the art of the possible

If you want to understand your current security score and how you can move towards a Zero Trust model, request a free one hour envision workshop with SoftwareOne.

Envision the art of the possible

If you want to understand your current security score and how you can move towards a Zero Trust model, request a free one hour envision workshop with SoftwareOne.



Mario Gama
Practice Leader