Designing and implementing a real Zero Trust framework across Azure, GCP, and M365 at a major media and entertainment enterprise — 32,000+ users, 70%+ reduction in standing privileges.
Most organizations buy a Zero Trust product and call it a program. What they've actually done is add a layer to a perimeter model that was never dismantled. The network still implicitly trusts everything inside it. Access is still granted based on group membership rather than behavioral context.
At this engagement, the gap was significant. Conditional access policies existed but were inconsistently enforced. PIM was enabled but standing admin assignments persisted alongside it. The hybrid identity environment spanning Azure, GCP, and M365 had sync inconsistencies that created identity ambiguity — the same user appearing with different attributes depending on which system was queried. Zero Trust logic built on dirty identity data enforces the wrong policies.
The framework was designed around NIST SP 800-207, starting with identity as the new perimeter: in a hybrid multi-cloud environment, network location is no longer a usable trust signal. Segmentation still has value for containment, but it cannot decide whether a request is legitimate. If the identity making a request can't be trusted in the context it's operating in, no amount of network segmentation compensates.
Conditional access was rebuilt around behavioral and risk signals rather than location or group membership: impossible travel detection, MFA fatigue pattern recognition, token anomaly alerts. These were tuned in Entra Identity Protection and integrated with the SIEM for automated enforcement, because an alert that requires a human to act before access is blocked isn't Zero Trust, it's a notification. Enforcement that fires without a human in the loop also has to be built so it cannot lock out the people who fix it, which means an emergency-access account excluded from the risk-based policies and a rehearsed path for unblocking a user the policy stopped in error.
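In the engagement these signals came from Entra Identity Protection. The block below is an added example, not code from this page or the engagement: it reproduces two of the signals in miniature (impossible travel from consecutive sign-in locations, MFA fatigue from a burst of rejected or ignored prompts) over constructed sign-in events, and maps them to the action a policy would enforce without waiting on a human. The thresholds (900 km/h, five rejected prompts in ten minutes), the field names and the sample events are assumptions.

```python
# Added example (not from the engagement): turning sign-in risk signals into an
# enforcement decision. In Entra these signals come from Identity Protection; the
# logic is reproduced here in miniature over constructed events so the path from
# signal to action is visible. Thresholds, field names and sample data are assumed.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    lat: float
    lon: float
    mfa_result: str  # "success", "denied", "timeout" or "none" (no prompt shown)


MAX_PLAUSIBLE_KMH = 900.0               # faster than this between sign-ins is not travel
FATIGUE_PROMPTS = 5                     # this many rejected/ignored prompts ...
FATIGUE_WINDOW = timedelta(minutes=10)  # ... inside this window is a push-bombing pattern


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def _by_user(events):
    """Group events per user, each group sorted by time."""
    grouped = defaultdict(list)
    for e in events:
        grouped[e.user].append(e)
    for evs in grouped.values():
        evs.sort(key=lambda e: e.ts)
    return grouped


def impossible_travel(events):
    """Users with two consecutive sign-ins whose implied speed exceeds MAX_PLAUSIBLE_KMH."""
    flagged = set()
    for user, evs in _by_user(events).items():
        for a, b in zip(evs, evs[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            hours = (b.ts - a.ts).total_seconds() / 3600
            # Same timestamp but a different place is the degenerate case of "too fast".
            if km > 0 and (hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH):
                flagged.add(user)
                break
    return flagged


def mfa_fatigue(events):
    """Users who rejected or ignored FATIGUE_PROMPTS MFA prompts within FATIGUE_WINDOW."""
    flagged = set()
    for user, evs in _by_user(events).items():
        times = [e.ts for e in evs if e.mfa_result in ("denied", "timeout")]
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > FATIGUE_WINDOW:
                start += 1
            if end - start + 1 >= FATIGUE_PROMPTS:
                flagged.add(user)
                break
    return flagged


def decide(events):
    """Map signals to the action a policy would enforce without a human in the loop.

    Push-bombing means the attacker already holds the password: block and force a
    reset. Impossible travel alone may be a VPN or a real trip: step up with a fresh
    MFA challenge and re-authentication rather than blocking outright.
    """
    travel, fatigue = impossible_travel(events), mfa_fatigue(events)
    actions = {}
    for user in {e.user for e in events}:
        if user in fatigue:
            actions[user] = "block"
        elif user in travel:
            actions[user] = "step_up"
        else:
            actions[user] = "allow"
    return actions


# Constructed sample: alice signs in from New York then London an hour later,
# bob rejects or ignores six push prompts in five minutes, carol behaves normally.
_T = datetime(2024, 3, 1, 9, 0)
NYC, LON = (40.7128, -74.0060), (51.5074, -0.1278)
SAMPLE_EVENTS = [
    SignIn("alice", _T, *NYC, "success"),
    SignIn("alice", _T + timedelta(hours=1), *LON, "success"),
    SignIn("carol", _T, *NYC, "success"),
    SignIn("carol", _T + timedelta(hours=3), *NYC, "success"),
] + [
    SignIn("bob", _T + timedelta(minutes=i), *NYC, "denied" if i % 2 else "timeout")
    for i in range(6)
]

if __name__ == "__main__":
    print(decide(SAMPLE_EVENTS))  # {'alice': 'step_up', 'bob': 'block', 'carol': 'allow'}
```

The point of `decide` is that the output is an action, not an alert: wired to the SIEM or directly to the identity provider it becomes the enforcement the paragraph describes, and the two signals get different actions because they imply different attacker positions.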
PIM was restructured to replace standing assignments with time-bound activations: administrators hold roles as eligible assignments and activate them just-in-time for a bounded window, so no admin role stays active while nobody is using it. BeyondTrust Password Safe handled service account governance, ensuring even automated processes operated under scoped, rotated credentials rather than persistent permissions. The directory schema was normalized across Entra ID, Active Directory, and ActiveIDM to eliminate the attribute conflicts that had been producing incorrect access decisions at the source.
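The identity ambiguity described earlier (the same user carrying different attributes depending on which directory answers) and the normalization that removed it can be made concrete. The block below is an added example, not the engagement's tooling: it joins per-user records from several directories, canonicalizes differences that are only conventions, reports the attributes that still disagree, and emits one record per user using a per-attribute source of authority. The source names, the `employee_id` join key, the precedence table and the sample records are assumptions.

```python
# Added example (not the engagement's tooling): reconcile one user's attributes as
# seen by several directories, report where they disagree, and emit a single
# normalized record using a per-attribute source of authority. Source names,
# the employee_id join key, the precedence table and the sample records are assumed.
from collections import defaultdict

EXPECTED_SOURCES = ("entra", "ad", "idm")

# For each attribute, which directory wins when values disagree (assumed policy:
# the identity-management system is authoritative for HR-driven attributes and for
# whether the account should be enabled at all; Entra is authoritative for the UPN).
SOURCE_OF_AUTHORITY = {
    "upn": ("entra", "ad", "idm"),
    "department": ("idm", "ad", "entra"),
    "title": ("idm", "ad", "entra"),
    "enabled": ("idm", "ad", "entra"),
}


def normalize(record):
    """Canonicalize differences that are only conventions, not real conflicts."""
    out = {}
    for key, value in record.items():
        if isinstance(value, str):
            value = value.strip()
            if key == "upn":
                value = value.lower()  # UPNs are case-insensitive
        out[key] = value
    return out


def reconcile(records):
    """records: iterable of (source_name, attribute dict containing 'employee_id').

    Returns (merged, conflicts). merged maps employee_id to one normalized record
    carrying the winning value per attribute plus the directories it was missing
    from; conflicts maps employee_id to {attribute: {source: value}} for every
    attribute whose values still disagreed after normalization.
    """
    by_id = defaultdict(dict)
    for source, record in records:
        record = normalize(record)
        by_id[record["employee_id"]][source] = record

    merged, conflicts = {}, {}
    for emp, per_source in by_id.items():
        out = {
            "employee_id": emp,
            "missing_from": [s for s in EXPECTED_SOURCES if s not in per_source],
        }
        for attr, precedence in SOURCE_OF_AUTHORITY.items():
            values = {s: r[attr] for s, r in per_source.items() if attr in r}
            if not values:
                continue
            if len(set(values.values())) > 1:
                conflicts.setdefault(emp, {})[attr] = values
            # First source in precedence order that has the attribute; if the record
            # came from a source outside the precedence table, fall back to any value.
            out[attr] = next((values[s] for s in precedence if s in values),
                             next(iter(values.values())))
        merged[emp] = out
    return merged, conflicts


def accounts_to_disable(merged):
    """Accounts the authoritative source says are disabled: a policy evaluated
    against one of the stale directories would still let these in."""
    return sorted(emp for emp, rec in merged.items() if rec.get("enabled") is False)


# Constructed sample. E1's UPN differs only in case (not a conflict) but the
# department really disagrees; E2 is disabled in IDM but still enabled elsewhere;
# E3 is a service account known only to AD.
SAMPLE_RECORDS = [
    ("entra", {"employee_id": "E1", "upn": "J.Doe@example.com", "department": "Finance", "title": "Analyst", "enabled": True}),
    ("ad",    {"employee_id": "E1", "upn": "j.doe@example.com", "department": "Finance", "title": "Analyst", "enabled": True}),
    ("idm",   {"employee_id": "E1", "upn": "j.doe@example.com", "department": "Treasury", "title": "Analyst", "enabled": True}),
    ("entra", {"employee_id": "E2", "upn": "a.lee@example.com", "department": "Media", "title": "Editor", "enabled": True}),
    ("ad",    {"employee_id": "E2", "upn": "a.lee@example.com", "department": "Media", "title": "Editor", "enabled": True}),
    ("idm",   {"employee_id": "E2", "upn": "a.lee@example.com", "department": "Media", "title": "Editor", "enabled": False}),
    ("ad",    {"employee_id": "E3", "upn": "svc-backup@example.com", "department": "IT", "title": "Service account", "enabled": True}),
]

if __name__ == "__main__":
    merged, conflicts = reconcile(SAMPLE_RECORDS)
    for emp, attrs in conflicts.items():
        print(emp, attrs)
    print("disable:", accounts_to_disable(merged))  # ['E2']
```

The `enabled` conflict on E2 is the case that matters most for access decisions: whichever directory the policy engine happens to query decides whether a leaver still gets in, which is exactly the wrong-policy outcome the text attributes to dirty identity data. The `missing_from` list surfaces accounts that exist in only one directory, which is where unmanaged service accounts tend to hide.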
Standing privileges were reduced by over 70%. Conditional access moved from policy-on-paper to policy-in-enforcement, with automated playbooks responding to risk signals rather than queuing tickets. The security model the organization had described in its documentation now matched what the environment actually did. Closing that gap is what Zero Trust actually means.
Download the expanded case study with NIST 800-207 control mapping, schema normalization approach, and PIM activation workflow design.