Zero Trust illustrations for IT architects and implementers
These posters and technical diagrams give you information about deployment and implementation steps to apply the principles of Zero Trust to Microsoft cloud services, including Microsoft 365 and Microsoft Azure.
Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."
As an IT architect or implementer, you can use these resources for deployment steps, reference architectures, and logical architectures to more quickly apply Zero Trust principles to your existing environment for:
Azure services:
You can download these illustrations in the form of:
- A PDF file for easier viewing, links to articles, and to print for your IT department.
- If available, a Microsoft Visio file to modify the illustrations for your own use.
- If available, a Microsoft PowerPoint file for presentations and to modify the slides for your own use.
To use the same set of icons and templates in the Visio or PowerPoint files, get the downloads in Microsoft 365 architecture templates and icons.
Zero Trust for Microsoft 365
This illustration provides a deployment plan for applying Zero Trust principles to Microsoft 365.
| Item | Description |
|---|---|
 PDF | Visio Updated March 2024 |
Use this illustration together with this article: Microsoft 365 Zero Trust deployment plan Related solution guides
|
Zero Trust for Microsoft Copilot for Microsoft 365
Adopting Microsoft Copilot for Microsoft 365 or Copilot is a great incentive for your organization to invest in Zero Trust. This set of illustrations introduces new logical architecture components for Copilot. It also includes security and deployment recommendations for preparing your environment for Copilot. These recommendations align with Zero Trust recommendations and help you begin this journey, even if your licenses are Microsoft 365 E3!
| Item | Description |
|---|---|
 PDF | Visio Updated November 2023 |
Copilot combines the power of large language models (LLMs) with your data in the Microsoft Graph — your calendar, emails, chats, documents, meetings, and more — and the Microsoft 365 apps to provide a powerful productivity tool. This series of illustrations provides a view into new logical architecture components. It includes recommendations for preparing your environment for Copilot with security and information protection while assigning licenses. |
Zero Trust for Azure IaaS services
This illustration shows the components of Azure IaaS as reference and logical architectures, along with the steps to ensure that these components have the "never trust, always verify" principles of the Zero Trust model applied.
| Item | Description |
|---|---|
 PDF | Visio Updated March 2024 |
Use this illustration together with this article: Apply Zero Trust principles to Azure IaaS overview Related solution guides |
You can also download the technical diagrams used in the Zero Trust for Azure IaaS series of articles as an easier way of viewing the illustrations in the articles or to modify them for your own use.
| Item | Description |
|---|---|
 PDF | Visio Updated March 2024 |
Use these diagrams together with the articles starting here: Apply Zero Trust principles to Azure IaaS overview Related solution guides |
Zero Trust for Azure Virtual WAN diagrams
These diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual WAN as an easier way of viewing the illustrations in the article or to modify them for your own use.
| Item | Description |
|---|---|
 PDF | Visio Updated March 2024 |
Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual WAN |
Zero Trust for Azure Virtual Desktop diagrams
These diagrams show the reference and logical architectures for applying Zero Trust to Azure Virtual Desktop as an easier way of viewing the illustrations in the article or to modify them for your own use.
| Item | Description |
|---|---|
 PDF | Visio Updated March 2024 |
Use this illustration together with this article: Apply Zero Trust principles to Azure Virtual Desktop |
Zero Trust Identity and Device Access Policies
This illustration shows the set of Zero Trust identity and device access policies for three levels of protection: Starting point, Enterprise, and Specialized security.
| Item | Description |
|---|---|
 Updated March 2024 |
Use this illustration together with this article: Recommended identity and device access configurations Related solution guides
|
Common attacks and how Microsoft capabilities for Zero Trust can protect your organization
Learn about the most common cyber attacks and how Microsoft capabilities for Zero Trust can help your organization at every stage of an attack. Also use a table to quickly link to Zero Trust documentation for common attacks based on technology pillars such as identities or data.
| Item | Description |
|---|---|
 PDF | Visio Updated February 2024 |
Use this illustration together with this article: Zero Trust deployment for technology pillars |
Additional Microsoft security posters and illustrations
See these additional Microsoft security posters and illustrations:
An overview of the three phases as layers of protection against ransomware attackers: PDF. Use this poster together with the What is ransomware? article.
An overview of how Microsoft's SecOps team does incident response to mitigate ongoing attacks: PDF
The Security Best Practices slide presentation: PDF | PowerPoint
The top 10 Azure Security best practices: PDF | PowerPoint
The phishing, password spray, app consent grant incident response playbook workflows: PDF | Visio
Next steps
Use additional Zero Trust content based on a documentation set or the roles in your organization.
Documentation set
Follow this table for the best Zero Trust documentation sets for your needs.
| Documentation set | Helps you... | Roles |
|---|---|---|
| Adoption framework for phase and step guidance for key business solutions and outcomes | Apply Zero Trust protections from the C-suite to the IT implementation. | Security architects, IT teams, and project managers |
| Concepts and deployment objectives for general deployment guidance for technology areas | Apply Zero Trust protections aligned with technology areas. | IT teams and security staff |
| Zero Trust for small businesses | Apply Zero Trust principles to small business customers. | Customers and partners working with Microsoft 365 for business |
| Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins | Quickly implement key layers of Zero Trust protection. | Security architects and IT implementers |
| Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance | Apply Zero Trust protections to your Microsoft 365 tenant. | IT teams and security staff |
| Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Microsoft Copilots. | IT teams and security staff |
| Zero Trust for Azure services for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Azure workloads and services. | IT teams and security staff |
| Partner integration with Zero Trust for design guidance for technology areas and specializations | Apply Zero Trust protections to partner Microsoft cloud solutions. | Partner developers, IT teams, and security staff |
| Develop using Zero Trust principles for application development design guidance and best practices | Apply Zero Trust protections to your application. | Application developers |
Your role
Follow this table for the best documentation sets for your role in your organization.
| Role | Documentation set | Helps you... |
|---|---|---|
| Security architect IT project manager IT implementer |
Adoption framework for phase and step guidance for key business solutions and outcomes | Apply Zero Trust protections from the C-suite to the IT implementation. |
| Member of an IT or security team | Concepts and deployment objectives for general deployment guidance for technology areas | Apply Zero Trust protections aligned with technology areas. |
| Customer or partner for Microsoft 365 for business | Zero Trust for small businesses | Apply Zero Trust principles to small business customers. |
| Security architect IT implementer |
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins | Quickly implement key layers of Zero Trust protection. |
| Member of an IT or security team for Microsoft 365 | Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance for Microsoft 365 | Apply Zero Trust protections to your Microsoft 365 tenant. |
| Member of an IT or security team for Microsoft Copilots | Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Microsoft Copilots. |
| Member of an IT or security team for Azure services | Zero Trust for Azure services for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Azure workloads and services. |
| Partner developer or member of an IT or security team | Partner integration with Zero Trust for design guidance for technology areas and specializations | Apply Zero Trust protections to partner Microsoft cloud solutions. |
| Application developer | Develop using Zero Trust principles for application development design guidance and best practices | Apply Zero Trust protections to your application. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for