Zero Trust Architecture
Verify Explicitly • Use Least Privilege Access • Assume Breach
Microsoft Zero Trust Workshop
Access the official Microsoft Zero Trust deployment guidance, tools, and assessment resources.
Complete Feature Comparison
Security Feature Matrix: Standard vs Business Premium vs Enterprise E5
| Feature Category / Capability |
Business Premium
SME (< 300 Users)
|
Enterprise E3
Standard Corp
|
Enterprise E5
Full Security
|
|---|---|---|---|
| Est. Price (USD/User/Month) | ~$22.00 | ~$36.00 | ~$57.00 |
| 1. Identity & Access (Entra ID) | |||
| Multi-Factor Authentication (MFA) | |||
| Conditional Access Context-based policies (IP, Device, Loc) | Plan 1 | Plan 1 | Plan 2 |
| Identity Protection Real-time Risk Detection & Blocking | |||
| Privileged Identity Mgmt (PIM) Just-In-Time Admin Access | |||
| Passwordless / FIDO2 Auth Hardware key & biometric login | |||
| Entra Private Access (ZTNA) Replace VPN with app-level Zero Trust | Add-on | ||
| 2. Endpoint Management (Intune) | |||
| MDM (Device Management) Manage Windows, iOS, Android, macOS | |||
| MAM (Mobile App Management) Protect App Data on Personal Devices | |||
| Windows Autopilot Zero-touch Deployment | |||
| 3. Threat Protection (Defender) | |||
| Next-Gen Antivirus | |||
| Endpoint Detection & Response (EDR) Advanced Post-breach hunting | Included | Included | |
| Email Safe Links & Attachments Zero-day Phishing/Malware Protection | |||
| Automated Investigation & Response Self-healing AI | |||
| 4. Information Protection (Purview) | |||
| Manual Sensitivity Labels | |||
| Data Loss Prevention (DLP) Exchange, SharePoint, OneDrive | |||
| Endpoint DLP Block USB, Print, Clipboard on Devices | Lite | Full | |
| Auto-Labeling (AI) Auto-classify data based on content | |||
| 5. Cloud Apps & Shadow IT | |||
| Cloud App Discovery (Shadow IT) | Basic | Basic | Full |
| Session Control (CASB) Block downloads on unmanaged devices | |||
| 6. Security Operations | |||
| Defender XDR Portal Unified incident management across signals | Limited | ||
| Attack Simulation Training Phishing simulation & security awareness | |||
| Advanced Threat Hunting (KQL) Proactive query-based threat investigation | |||
| Microsoft Secure Score Security posture measurement & tracking | |||
| Microsoft Sentinel (SIEM/SOAR) AI-driven security analytics & automation | Add-on | Add-on | Add-on |
Full Security Assessment
Select the option that best matches your organization (10 questions)
Identity & Foundation
1. Primary Microsoft 365 License?
2. Current Identity Management System?
3. Authentication Method?
Devices & Applications
4. Device Management?
5. Endpoint Protection?
6. Windows Patch Management?
7. Email Security (Anti-Phishing)?
8. Shadow IT Control (Cloud Apps)?
Data & Network
9. Data Protection?
10. External Remote Access?
Assessment Report
Date:
Executive Summary
Recommended Plan
Why this plan?
✅ Current Strength
⚠️ Critical Security Gaps
🗺️ Implementation Roadmap
Zero Trust Workshop
A structured, pillar-based checklist tool built by the Microsoft Security CxE team. Track implementation progress across all 7 Zero Trust pillars.
Open Full WorkshopWorkshop Pillars
The workshop covers 7 security pillars. Click any pillar to jump directly to its checklist inside the official tool.
Official Resources
Supporting materials from the Microsoft Security CxE team.
Ready to start your Zero Trust journey?
Use the official workshop to track your progress across all pillars with status tracking, notes, and implementation effort ratings.