As described below, I developed content for the Developer guidance section of the Microsoft Zero Trust Guidance Center on Microsoft’s public Learn documentation platform. This project was in fulfillment of the scope of my role as Senior Technical Writer at Microsoft with the Microsoft Security, Identity and Network Access Team.
Situation
The requirements for this content were developed in response to a criticism from Gartner that Microsoft’s Zero Trust documentation did not adequately address the needs of software developers to comply with US Executive Order 14028, Improving the Nation’s Cybersecurity, which directs federal agencies on advancing security measures to reduce the risk of successful cyberattacks against the federal government’s digital infrastructure. On January 26, 2022, the Office of Management and Budget (OMB) released the federal Zero Trust strategy in memorandum 22-09, in support of EO 14028. Microsoft had me begin development of content for the software developer role in April 2022.
Task
Initial content scope was bound to the developer workshop sessions listed in the Source material section below; however, I regularly looked for additional content that could be sourced to enhance the offerings, working with the Product Manager to identify the best options to add value to the project. The additional content that was approved for inclusion is listed after the developer workshop links.
Approach
After reviewing the source material, I drafted collaboration files in Microsoft Word on a SharePoint site for review by Subject Matter Experts (SMEs). After SME sign-off, I developed the content in Markdown using Visual Studio Code to comply with multiple Microsoft contributor and style guides. When necessary, I edited existing or created new graphics in PowerPoint, exporting PNG files to be embedded in articles. I published the Markdown and graphics files using GitHub, following an established process for Microsoft Learn content.
Results
The project’s Product Manager was always extremely happy with the quality of my work, my ability to work independently and guide SMEs towards content improvements, my delivery of final content ahead of deadlines, and my forward-thinking, above-scope identification of existing content to supplement the desired results. Feedback from Gartner is forthcoming.
Links to currently published articles are provided below, followed by a PDF export of the entire Zero Trust Guidance Center that includes the most recent content to which I contributed (on pages 204 through 274).
- Overview
  - Develop using Zero Trust principles | Microsoft Learn
  - What do we mean by Zero Trust compliance? | Microsoft Learn
  - Zero Trust identity and access management development best practices | Microsoft Learn
  - Using standards-based development methodologies | Microsoft Learn
  - Developer and administrator responsibilities | Microsoft Learn
- Permissions and access
  - Building apps that secure identity through permissions and access | Microsoft Learn
  - Supported identity and account types for single- and multi-tenant apps | Microsoft Learn
  - Acquiring authorization to access resources | Microsoft Learn
  - Developing delegated permissions strategy | Microsoft Learn
  - Developing application permissions strategy | Microsoft Learn
  - Requesting permissions that require administrative consent | Microsoft Learn
  - Reducing overprivileged permissions and apps | Microsoft Learn
  - Providing application identity credentials when there’s no user | Microsoft Learn
  - Protecting APIs | Microsoft Learn
  - Example of API protected by Microsoft identity consent framework | Microsoft Learn
  - Calling an API from another API | Microsoft Learn
  - Authorization best practices | Microsoft Learn
- Zero Trust DevSecOps
Source material
- Microsoft identity platform developer workshop, day one (April, June)
- Microsoft identity platform developer workshop, day two (April, June)
- Microsoft identity platform developer workshop, day three (April, June)
- Overprivileged apps on the Microsoft identity platform – YouTube
- Securing Enterprise DevOps Environments (microsoft.com) eBook
- Accelerate and secure your code to cloud development (microsoft.com) from a Microsoft Build 2022 session