Zero Trust. You’ve probably heard the term a lot in security conversations. But what does it mean in practice and how do you assess if your organization is on the right track? If you’re anything like me, you don’t want vague marketing speak or a 50-page strategy document with everything you need to do to take action on. Are you working in a Microsoft environment? I have some good news for you!
Microsoft has created a Zero Trust Workshop and Assessment Toolkit, which you can explore right now at Microsoft Zero Trust Assessment. It’s surprisingly accessible and ideal for anyone wanting to take that first (or next) step in applying Zero Trust principles in their Microsoft 365 environment.
The Zero Trust Workshop is a free toolkit built to help organizations benchmark where they are today. This will help you through applying Zero Trust across the Microsoft Security landscape, including the three following principles:
The workshop takes you through the pillars Identity, Devices and Data.
It’s a clear and structured way to assess maturity across these domains, with guidance and examples that are refreshingly concrete.
To get the most value from each pillar in the Zero Trust Workshop, make sure the right stakeholders are at the table:
| Identity | Devices | Data |
| • Identity and Access Management (IAM) team • Security Operations team • Devices/Endpoint team • Enterprise Application Developers • CISO (if possible) • IT Director (if possible) | • MDM Admin (Architect, Ops) • Security (Architect, Ops) • Conditional Access Admin (Security, Identity, MDM) • Governance and Risk • CISO (if possible) • IT Director (if possible) | • Information Protection architects and officers • Compliance officers and administrators • Data Platform administrators focused on data security (Exchange, SharePoint, etc.) • CISO (if possible) • IT Director or Lead Architect (if possible) |
Let’s say you’re ready to start in your own tenant. You want to see where your own organization stands now and discuss this with the stakeholders. Microsoft has made it easy with the Zero Trust Assessment Toolkit, available here.
Open PowerShell and run the following command:
Install-Module ZeroTrustAssessment
Invoke-ZTAssessmentYou need minimal PowerShell 7 to install this module. If succesfull, the app will ask for Application Admin consent and read-only permissions on several rights. This will be used to read your current environment with MS Graph and will not be active after your assessment is done.
When you open the Zero Trust Assessment Excel file, the first thing you’ll see is a super helpful overview. It maps out the six core Zero Trust areas - Identity, Devices, Data, Apps, Infrastructure, and Network - and shows you exactly how far along you are in each one.
Each pillar is color-coded, so in one glance, you know what’s already in place, what’s partially rolled out, and what still needs work.
Once you've gone through the assessment overview, the next tabx in the toolkit gives you something what I think is really handy: a step-by-step roadmap to improve your Zero Trust for each pillar.
Microsoft has divided the roadmap into three clear phases: First, Then, and Next. You start with foundational actions (First), move on to logical follow-ups (Then), and finish with longer-term or advanced improvements (Next).
This layout offers a clear, actionable path without overwhelming you with everything at once. Each step can be marked with a status—like Completed, In Progress, Planned, Blocked, or Will not pursue—to easily track progress.
That makes it super easy to track where you are, see what’s coming next, and discuss progress with stakeholders. Even better, this file becomes a living document in your way to Zero Trust.
I also recommend watching this video that is very interesting into the introduction of this Zero Trust Assessment.
Security can feel overwhelming—especially when everything is moving fast. But Microsoft’s Zero Trust Workshop and Assessment Toolkit gives you a practical, structured way to take your environment to the next level.
It’s free and easy to use And it works whether you're just starting with Zero Trust or deep into your implementation journey.
Have you tried it yet? I’d love to hear your thoughts!
Hi, I'm Ziggy Itjoejaree. I work as Modern Workplace Engineer and have a big interest in Microsoft Purview, Data, AI and compliancy. In my daily job, I am mostly helping customers transform and migrate to a Cloud work environment.