Zero Trust is a security strategy for designing and implementing the following set of security principles:
Verify explicitly: Always authenticate and authorize based on all available data points.
Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
Device and application authentication, authorization, and protection for Zero Trust
You can use Intune to protect access and data on organization-owned and users' personal devices, and it provides compliance and reporting features that support Zero Trust.
The following table maps each Zero Trust principle to how Intune helps.

Zero Trust principle: Verify explicitly
How Intune helps: Intune allows you to configure policies for apps, security settings, device configuration, compliance, Microsoft Entra Conditional Access, and more. These policies become part of the authentication and authorization process for accessing resources.

Zero Trust principle: Use least privilege access
How Intune helps: Intune simplifies app management with a built-in app experience, including app deployment, updates, and removal. You can connect to and distribute apps from your private app stores, enable Microsoft 365 apps, deploy Win32 apps, create app protection policies, and manage access to apps and their data.
With Endpoint Privilege Management (EPM), you can run your organization's users as standard users (without administrator rights) while still enabling those same users to complete tasks that require elevated privileges.
Intune policy for Windows Local Administrator Password Solution (LAPS) can help you secure the local administrator account on Windows devices. Because the local admin account can't be deleted and has full permissions on the device, being able to manage the built-in Windows administrator account is an important step in securing your organization.

Zero Trust principle: Assume breach
How Intune helps: Intune integrates with mobile threat defense services, including Microsoft Defender for Endpoint and third-party partner services. With these services, you can create endpoint protection policies that respond to threats, perform real-time risk analysis, and automate remediation.
Next steps
Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.
Get an overview of the concepts and features you should know when managing identities in Microsoft Intune. Use existing users and groups, control access using RBAC, establish user affinity, and secure and authenticate users.
Get an overview of the concepts and features you should know when managing devices that access organization resources in Microsoft Intune. You can manage new and existing devices, including BYOD personal devices, check health compliance and view reports, configure device features, and secure devices using mobile threat solutions.
Learn more about what device management means and how it can help organizations, including Microsoft 365 small & medium business, and enterprise. See a list of features and benefits, including mobile device management (MDM) and mobile application management (MAM), and learn about Microsoft Intune.
Get an overview of the concepts and features you should know when managing apps that access organization resources in Microsoft Intune. You can deploy apps used by your organization, including Microsoft Edge and Microsoft 365. You can also configure apps, protect apps on organization-owned and BYOD personal devices, and update apps that you deploy.
Microsoft Intune manages users and devices, simplifies app management and automated policy deployment, and integrates with mobile threat defense. It connects to Managed Google Play, Apple tokens and certificates, and TeamViewer for remote assistance. It can use MDM or MAM to protect data, configure devices, and simplify access to company resources.