This case study exercise is designed to provide experience performing some conceptual design tasks that relate to the subjects learned in this module.

Case study: design a Zero Trust solution

Tailwind Traders is a fictitious home improvement retailer. It operates retail hardware stores across the globe and online. The Tailwind Traders CISO is aware of the opportunities offered by Azure, but also understands the need for strong security and solid cloud architecture. Without strong security and a great point of reference architecture, the company may have difficulty managing the Azure environment and costs, which are hard to track and control. The CISO is interested in understanding how Azure manages and enforces security standards.

Requirements: user access and productivity

Tailwind Traders is planning significant changes to their Azure Architecture. They have asked for your assistance with recommendations and questions. Here are the specific requirements.

The company has a new security optimization project for customer environments. The CISO wants to ensure all Azure resources are highly secured. For the architecture review phase, user accounts should require:

  • Passwordless or MFA for all users and be able to measure risk with threat intelligence & behavior analytics
  • Endpoints should require device integrity for access
  • Network should be able to establish basic traffic filtering and segmentation to isolate business-critical or highly vulnerable resources

Design tasks

  • What are different ways Tailwind Traders could use the MCRA to require Passwordless or MFA for all users and be able to measure risk with threat intelligence & behavior analytics? Design an architecture and explain your decision-making process.
  • What are the different ways Tailwind Traders could require integrity for access to endpoints using the MCRA? Design an architecture and explain your decision-making process.
  • What are the different ways Tailwind Traders could establish basic network traffic filtering and segmentation to isolate business-critical or highly vulnerable resources using the MCRA? Propose at least two ways of meeting the requirements. Explain your final decision.
  • How are you incorporating the Microsoft Cybersecurity Reference Architectures (MCRA) to produce a secured, high available, and efficient cloud architecture?