Zero Trust Assessments
Assess and evolve your environment to a Zero Trust model that verifies every user, device, and access request
Trust nothing. Verify everything.
Traditional security assumes everything inside your network is trustworthy. Once users authenticate through VPN or sit on the office network, they access resources freely. This approach fails when attackers compromise credentials, employees work remotely, or applications move to the cloud.
A single compromised password grants access to everything. Malware spreading from one infected device reaches the entire network. Former employees retain access months after leaving.
Zero Trust eliminates implicit trust. Every access request gets verified regardless of source. Users authenticate with multi-factor authentication. Devices must be compliant and healthy. Access gets granted based on specific needs, not broad network permissions. When credentials get compromised, attackers face additional verification requirements and limited access instead of full network control.
At I.T With You, we assess your current security posture against the Microsoft Zero Trust principles and create practical roadmaps for implementation. Our approach uses Microsoft 365, Intune, Defender, and Entra ID capabilities you may already be licensed for, implementing Zero Trust without purchasing additional security products or creating management complexity.
Understanding Zero Trust Principles
Verify Explicitly
Authentication and authorisation happen based on all available data points rather than simple username and password verification. Identity gets confirmed through multi-factor authentication. Device health is evaluated, checking encryption status, security update compliance, and antivirus protection. Location and network information are assessed for anomalies. Risk signals like impossible travel, unusual access patterns, or compromised credentials trigger additional verification.
Use Least Privilege Access
Users get limited to only the resources and permissions they actually need for their specific roles. Broad network access is replaced with targeted permissions to specific applications and data. Administrative privileges are separated from standard user accounts and closely monitored. Access is reviewed regularly to remove permissions no longer needed. When accounts are compromised, attackers gain minimal access instead of sweeping permissions across the environment.
Assume Breach
Every access request gets treated as potentially malicious regardless of source. Networks are segmented to prevent lateral movement between systems. Traffic is monitored continuously for unusual patterns. Security events trigger automated investigation and response. The assumption isn’t that breaches won’t occur, but that they’re inevitable and containment matters as much as prevention.
What Our Zero Trust Assessment Actually Evaluates
Identity and access controls
We evaluate how your organisation verifies user identity and grants access to resources. This includes examining whether multi-factor authentication is enforced universally, whether legacy authentication protocols that bypass modern security are disabled, whether privileged accounts have additional protections, and whether Conditional Access policies require healthy devices and evaluate risk levels before granting access.
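The identity checks listed above can be run mechanically against an export of a tenant's Conditional Access policies. The sketch below is an added example, not I.T With You's assessment tooling; the three sample policies are constructed, and the field names follow the Microsoft Graph conditionalAccessPolicy resource.

```python
# Added example: gap check over exported Conditional Access policies.
# SAMPLE_POLICIES is constructed data, not taken from a real tenant.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["breakglass-id"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "MFA or compliant device", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
]

def enforces(policy, control):
    """True if an enabled, tenant-wide policy makes `control` mandatory."""
    cond = policy.get("conditions", {})
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    # With operator OR and several controls, any one of them satisfies the policy.
    mandatory = control in controls and (grant.get("operator") == "AND" or len(controls) == 1)
    return (policy.get("state") == "enabled"  # report-only policies enforce nothing
            and "All" in cond.get("users", {}).get("includeUsers", [])
            and "All" in cond.get("applications", {}).get("includeApplications", [])
            and mandatory)

def is_legacy_block(policy):
    """True if the policy blocks both legacy client app types."""
    types = set(policy.get("conditions", {}).get("clientAppTypes", []))
    return {"exchangeActiveSync", "other"} <= types and enforces(policy, "block")

def assess(policies):
    """Map each identity check to a pass/fail result plus exclusions to review."""
    enabled = [p for p in policies if p.get("state") == "enabled"]
    return {
        "mfa_enforced_for_all_users": any(enforces(p, "mfa") for p in policies),
        "legacy_auth_blocked": any(is_legacy_block(p) for p in policies),
        "compliant_device_required": any(enforces(p, "compliantDevice") for p in policies),
        "risk_evaluated": any(p["conditions"].get("signInRiskLevels")
                              or p["conditions"].get("userRiskLevels") for p in enabled),
        "exclusions_to_review": {p["displayName"]: p["conditions"]["users"]["excludeUsers"]
                                 for p in enabled if p["conditions"]["users"].get("excludeUsers")},
    }

if __name__ == "__main__":
    print(assess(SAMPLE_POLICIES))
```

On the sample data only the MFA check passes: the legacy authentication block is still in report-only mode, and the third policy accepts MFA in place of a compliant device.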
Device compliance and endpoint protection
We assess whether devices accessing company data are managed, compliant, and properly protected. This covers device enrollment in Microsoft Intune, compliance policy enforcement, endpoint protection through Microsoft Defender, and automated responses when devices fall out of compliance.
Data classification and protection
We review how sensitive information is identified, classified, and protected throughout its lifecycle. This includes whether sensitive data like financial records and customer information is properly classified, whether data loss prevention policies prevent transmission of regulated information, whether information rights management restricts document access, and whether encryption is enforced on all devices and for data in transit.
Application security and conditional access
We evaluate how applications are secured and how access is controlled based on risk. This covers whether applications require device compliance and appropriate authentication, whether risky or unapproved applications are blocked, whether OAuth consent is monitored to prevent malicious apps from accessing data, and whether shadow IT is identified and managed.
Network segmentation and monitoring
We assess network architecture and whether it prevents lateral movement when systems are compromised. Evaluation areas include whether critical systems are properly segmented from general network access, whether monitoring detects unusual traffic patterns, whether micro-segmentation limits communication between systems based on business need, and whether Zero Trust network access provides secure remote access without broad VPN permissions.
Governance and policy enforcement
We review whether security policies are documented, enforced consistently, and monitored effectively. We examine whether security policies are enforced through technical controls rather than user compliance, whether comprehensive audit logging supports incident investigation, whether incident response procedures are tested regularly, and whether security posture is monitored continuously with regular reviews.
How Long Does Zero Trust Implementation Actually Take?
Implementation timelines vary based on your starting maturity and target state.
Moving from traditional network security to initial Zero Trust implementation typically takes two to three months. This involves enabling multi-factor authentication universally, implementing basic Conditional Access policies, enrolling devices in Intune with compliance requirements, and establishing initial data classification.
Advancing to mature Zero Trust implementation requires four to six months of systematic improvement. This includes comprehensive Conditional Access policies that evaluate risk dynamically, strict device compliance enforcement, advanced data loss prevention, proper network segmentation, and robust monitoring with automated response.
Reaching optimal Zero Trust maturity represents a 12-to-18-month commitment requiring organisational change management alongside technical implementation. This level isn’t a starting point; it’s a destination. Most businesses begin by locking down identity and devices, which delivers the majority of the security benefit in a matter of weeks.
At I.T With You, we make Zero Trust practical and achievable using the Microsoft security capabilities you may already have.
Current State Assessment – We evaluate your security posture across identity, devices, data, applications, network, and governance to identify exactly where you are and what gaps exist.
Clear Implementation Roadmap – You receive a prioritized plan with specific steps, effort estimates, and realistic timelines that balance security improvement with operational constraints.
Hands-On Implementation Support – We configure policies, deploy controls, and establish processes rather than just providing documentation and leaving you to figure out technical details.
Ongoing Monitoring and Improvement – Zero Trust isn’t a destination. We help you continuously monitor security posture, address new risks, and advance maturity as your environment evolves.
By focusing on strong identity controls, least privilege access, and continuous verification, we reduce complexity while aligning your Zero Trust approach with broader cybersecurity and compliance goals.
Ready to understand where you sit on the Zero Trust journey and what it takes to advance your security posture? Contact us today.