Applying Zero Trust principles to the cloud-native journey

Feedback from IT administrators and decision-makers about the Microsoft approach to modern endpoint management solutions is positive. They are enthusiastic about adopting cloud-native strategies to streamline IT operations and strengthen security by implementing Zero Trust principles. Organizations are experiencing significant benefits, including enabling hybrid work environments, simplifying IT operations, bolstering security posture, reducing operating costs, and moving closer to a Zero Trust framework. Additionally, they're exploring innovative capabilities such as remote assistance, privilege management, advanced analytics. They're also leveraging AI for deployment, patching, and troubleshooting with Microsoft Intune.

Although no path is the same for cloud-native and Zero Trust journeys, we learn from users daily and hope you can too. Here, we present various examples that illustrate organizations' efforts in these areas and best practices for cloud-native journeys.

Cloud-native journeys: Begin by beginning

Chugai Pharmaceutical Co., Ltd. initiated their migration to cloud endpoint management by conducting a proof of concept (POC). They built an environment equivalent to the production configuration, distributed PCs for verification to key personnel in each department, and used the POC to ensure there were no major issues before officially launching the project. For a smooth transition, Chugai sought a blueprint from the Microsoft support team, which provided guidance and assistance throughout the migration. This collaboration helped Chugai move from on-premises to cloud-based device management, using Microsoft Intune and Microsoft Entra ID to enable a hybrid work environment and optimize costs, security, and operations.

ENGIE, a global leader in low-carbon energy, faced several challenges that prompted their decision to embark on a cloud-native journey. The complexity of device and application management, along with the risks associated with password-based authentication and the strain on IT resources due to support tickets, were significant factors. To address these issues, ENGIE migrated 45,000 devices to a cloud-managed environment using Intune and Windows 11. This transition incorporated advanced security features like Windows Hello for Business and a Zero Trust architecture, which significantly improved security. Using Windows Autopilot to manage devices enhanced efficiency and sustainability, reduced provisioning time, and improved compatibility. Together, Intune and Windows 11 provided ENGIE with systems that deliver better performance, reliability, and user experience, leading to a reduction in support tickets and positive user feedback. These features collectively drove value for the company by streamlining IT operations and enhancing security.

"We use Windows Autopilot provisioning worldwide, delivering devices and improving the process by reducing qualification time for new models and enhancing hardware and driver compatibility." –Alexis Hurlot, Workplace Experts Team Leader, ENGIE

National Australia Bank (NAB) was well positioned to adopt cloud-native endpoint management, ensuring devices were updated with the latest patches and completing preliminary app testing on previous versions. Today, with Windows 11 Enterprise, NAB continues to stay up to date and incorporates patches as soon as they are available. The new solution helped NAB achieve more flexibility for its workforce of more than 38,000 colleagues, plus about 50,000 corresponding physical and virtual endpoints.

"We manage over 60,000 endpoints with Intune. Being cloud managed we don't have a requirement for corporate network. New employees are able to be provided a device remotely and able to use that device login, connect to NAB systems, and get up and running straight away." –Andrew Zahradka, Head of Workplace Compute Technology, National Australia Bank

In December, we published Cloud-native Windows endpoints: Begin by beginning to help organizations get a quick start. The article emphasizes starting with a POC to evaluate the new approach, build skills, and gain stakeholder buy-in. It recommends an iterative approach with smaller waves of users and endpoints. The article also highlights the importance of considering organizational user personas and endpoint roles when defining waves for the POC.

Apply Zero Trust principles by securing identity and endpoints

"Microsoft runs on trust, and trust must be earned and maintained. Our pledge to our customers and our community is to prioritize your cyber safety above all else." As Charlie Bell, Microsoft Security Executive Vice President, indicated, Microsoft works to enhance security by analyzing and addressing cybersecurity threats, developing security technologies, and collaborating with organizations to implement these technologies effectively.

Fujitsu Limited significantly enhanced its security and user experience by integrating Microsoft Entra and Intune. This integration supported Fujitsu's digital transformation goals, optimizing operations and maximizing productivity by unifying device management tools globally. By adopting Intune as the global-standard management tool for employee devices, Fujitsu transitioned from on-premises to cloud-based device management. This shift reduced operating costs, and it automated security policy enforcement and improved visibility into device and application status. Microsoft Entra played a crucial role by providing secure access to company data on compliant devices, helping to ensure robust security through careful device selection.

"The integration between Microsoft Entra and Intune allows users to launch the Microsoft 365 mobile app, perform a single authentication, and then switch to other apps such as Microsoft Outlook, Microsoft Teams, and Microsoft PowerPoint without having to authenticate for each individual application used." –Tanomo Haga, Manager of End User Services Division, Digital Systems Platform Unit, Fujitsu Limited

The seamless integration between Microsoft Entra and Intune also supported Södertälje Kommun's digital transformation goals, optimizing operations and maximizing productivity by unifying device management tools globally. The integration creates a secure, flexible work environment, enabling employees to access data securely anytime, from anywhere. By adopting Intune, Södertälje Kommun transitioned to a cloud-based device management system, which automated security policy enforcement and improved visibility into device and application status. This led to reduced operating costs and streamlined device management processes. Microsoft Entra played a crucial role by providing secure access to municipal data on compliant devices, helping to ensure robust security through careful device selection.

A comprehensive approach to Zero Trust should encompass the entire digital estate, including identities, endpoints, networks, data, applications, and infrastructure. It begins with the management of identities and endpoints. This process is intricate and requires identifying business priorities and securing leadership endorsement. Additionally, users face challenges regarding where to start, determining subsequent steps, and measuring progress.

Our self-service Zero Trust Workshop provides expert guidance, detailed feature documents, and capture tools to help you align with key pillars, track progress, and start your Zero Trust journey with confidence.

Looking to learn more from your peers? Check out more than 200 customers quotes and stories about adoption of Microsoft Intune and Intune Suite solutions.

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.