Zero Trust illustrations for IT architects and implementers

These posters and technical diagrams give you information about deployment and implementation steps to apply the principles of Zero Trust to Microsoft cloud services, including Microsoft 365 and Microsoft Azure.

Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."

As an IT architect or implementer, you can use these resources for deployment steps, reference architectures, and logical architectures to more quickly apply Zero Trust principles to your existing environment for:

You can download these illustrations in the form of:

  • A PDF file for easier viewing, links to articles, and to print for your IT department.
  • If available, a Microsoft Visio file to modify the illustrations for your own use.
  • If available, a Microsoft PowerPoint file for presentations and to modify the slides for your own use.

To use the same set of icons and templates in the Visio or PowerPoint files, get the downloads in Microsoft 365 architecture templates and icons.

Zero Trust for Microsoft 365

This illustration provides a deployment plan for applying Zero Trust principles to Microsoft 365.

Item Description
Illustration of the Microsoft 365 Zero Trust deployment plan.
PDF | Visio
Updated March 2024
Use this illustration together with this article: Microsoft 365 Zero Trust deployment plan

Related solution guides

Zero Trust for Microsoft Copilot for Microsoft 365

Adopting Microsoft Copilot for Microsoft 365 or Copilot is a great incentive for your organization to invest in Zero Trust. This set of illustrations introduces new logical architecture components for Copilot. It also includes security and deployment recommendations for preparing your environment for Copilot. These recommendations align with Zero Trust recommendations and help you begin this journey, even if your licenses are Microsoft 365 E3!

Item Description
Copilot architecture poster thumb
PDF | Visio
Updated November 2023
Copilot combines the power of large language models (LLMs) with your data in the Microsoft Graph — your calendar, emails, chats, documents, meetings, and more — and the Microsoft 365 apps to provide a powerful productivity tool.

This series of illustrations provides a view into new logical architecture components. It includes recommendations for preparing your environment for Copilot with security and information protection while assigning licenses.

Apply Zero Trust to Azure IaaS components poster

This poster provides a single-page, at-a-glance view of the components of Azure IaaS as reference and logical architectures, along with the steps to ensure that these components have the "never trust, always verify" principles of the Zero Trust model applied.

Item Description
Thumbnail figure for the Apply Zero Trust to Azure IaaS infrastructure poster.
PDF | Visio
Updated June 2024
Use this poster together with this article: Apply Zero Trust principles to Azure IaaS overview

Related solution guides

Diagrams for applying Zero Trust to Azure IaaS components

You can also download the technical diagrams used in the Zero Trust for Azure IaaS series of articles as an easier way of viewing the illustrations or to modify them for your own use.

Item Description
Thumbnail figure for the Diagrams for applying Zero Trust to Azure IaaS infrastructure poster.
PDF | Visio
Updated June 2024
Use these diagrams together with the articles starting here: Apply Zero Trust principles to Azure IaaS overview

Related solution guides

Zero Trust for Azure Virtual WAN diagrams

These diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual WAN as an easier way of viewing the illustrations in the article or to modify them for your own use.

Item Description
Thumbnail figure for the Diagrams for applying Zero Trust to Azure Virtual WANs poster.
PDF | Visio
Updated March 2024
Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual WAN

Zero Trust for Azure Virtual Desktop diagrams

These diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual Desktop as an easier way of viewing the illustrations in the article or to modify them for your own use.

Item Description
Illustration of applying Zero Trust to Azure Virtual Desktop.
PDF | Visio
Updated March 2024
Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual Desktop

Zero Trust Identity and Device Access Policies

This illustration shows the set of Zero Trust identity and device access policies for three levels of protection: Starting point, Enterprise, and Specialized security.

Item Description
Thumbnail figure for the Zero Trust identity and device access policies poster.
PDF
Updated March 2024
Use this illustration together with this article: Recommended identity and device access configurations

Related solution guides

Common attacks and how Microsoft capabilities for Zero Trust can protect your organization

Learn about the most common cyber attacks and how Microsoft capabilities for Zero Trust can help your organization at every stage of an attack. Also use a table to quickly link to Zero Trust documentation for common attacks based on technology pillars such as identities or data.

Item Description
Thumbnail of the common attacks and how Microsoft capabilities for Zero Trust can protect your organization poster.
PDF | Visio
Updated February 2024
Use this illustration together with this article: Zero Trust deployment for technology pillars

Additional Microsoft security posters and illustrations

See these additional Microsoft security posters and illustrations:

  • Microsoft Intune enrollment options: PDF | Visio

  • An overview of the three phases as layers of protection against ransomware attackers: PDF. Use this poster together with the What is ransomware? article.

  • An overview of how Microsoft's SecOps team does incident response to mitigate ongoing attacks: PDF

  • The Security Best Practices slide presentation: PDF | PowerPoint

  • The top 10 Azure Security best practices: PDF | PowerPoint

  • The phishing, password spray, app consent grant incident response playbook workflows: PDF | Visio

Next steps

Use additional Zero Trust content based on a documentation set or the roles in your organization.

Documentation set

Follow this table for the best Zero Trust documentation sets for your needs.

Documentation set Helps you... Roles
Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation. Security architects, IT teams, and project managers
Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas. IT teams and security staff
Zero Trust for small businesses Apply Zero Trust principles to small business customers. Customers and partners working with Microsoft 365 for business
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection. Security architects and IT implementers
Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance Apply Zero Trust protections to your Microsoft 365 tenant. IT teams and security staff
Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots. IT teams and security staff
Zero Trust for Azure services for stepped and detailed design and deployment guidance Apply Zero Trust protections to Azure workloads and services. IT teams and security staff
Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions. Partner developers, IT teams, and security staff
Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application. Application developers

Your role

Follow this table for the best documentation sets for your role in your organization.

Role Documentation set Helps you...
Security architect

IT project manager

IT implementer
Adoption framework for phase and step guidance for key business solutions and outcomes Apply Zero Trust protections from the C-suite to the IT implementation.
Member of an IT or security team Concepts and deployment objectives for general deployment guidance for technology areas Apply Zero Trust protections aligned with technology areas.
Customer or partner for Microsoft 365 for business Zero Trust for small businesses Apply Zero Trust principles to small business customers.
Security architect

IT implementer
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins Quickly implement key layers of Zero Trust protection.
Member of an IT or security team for Microsoft 365 Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance for Microsoft 365 Apply Zero Trust protections to your Microsoft 365 tenant.
Member of an IT or security team for Microsoft Copilots Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance Apply Zero Trust protections to Microsoft Copilots.
Member of an IT or security team for Azure services Zero Trust for Azure services for stepped and detailed design and deployment guidance Apply Zero Trust protections to Azure workloads and services.
Partner developer or member of an IT or security team Partner integration with Zero Trust for design guidance for technology areas and specializations Apply Zero Trust protections to partner Microsoft cloud solutions.
Application developer Develop using Zero Trust principles for application development design guidance and best practices Apply Zero Trust protections to your application.