Forescout + Microsoft Intune Bring ZTA to Life in NIST SP 1800-35

Application control can be a department’s first tangible step toward Zero Trust Architecture (ZTA). Departments find value in application-layer Zero Trust because it offers a localized approach to enforcing security controls without requiring enterprise-wide IT support or broader infrastructure changes. Solutions that include conditional access and identity provisioning tightly manage who can access what and under what conditions. Departments with heavy regulatory requirements can easily implement these solutions and check a box to demonstrate compliance with their obligations. However, that checkbox by itself doesn’t address the full scope of ZTA in increasingly complex, heterogeneous, hybrid network environments.

Application-layer enforcement cannot detect or block devices that never attempt to access protected applications at the data boundary imagined by IT administrators. It won’t prevent malware or bad actors from spreading laterally across segments. It can’t revoke access when a device’s security posture degrades during a session, or prevent access to every nook and cranny that users find to store data. In other words, it governs from the front door to a subset of data, but offers no control once a malicious actor or entity gains access to the network.


From Access to Action: Enforcing Zero Trust Across the Stack

The newly released NIST Special Publication 1800-35 shows that effective ZTA requires the ability to observe, assess, and act at every layer of the security stack. Security teams looking to adopt ZTA can treat this document as a maturity model that begins with discovery, builds context, provides logic for enforcement based on risk, and finally adapts to changing and emerging threats.

NIST SP 1800-35 shows that application-level Zero Trust is a component of a multi-layered, integrated approach to securing enterprise systems. It requires visibility, posture context, and consistent policy enforcement across hybrid environments. In fact, operationalizing Zero Trust Architecture requires active enforcement across the network layer to:

  • Prevent lateral movement
  • Detect unmanaged or rogue devices
  • Stop unauthorized communications that never interact with ‘sanctioned’ applications

These threats completely bypass application-layer controls, operating below the radar in east-west traffic or through legacy protocols and applications that lack Zero Trust design.

This is where NIST’s example architecture provides critical guidance. In Enterprise Build 3 of NIST SP 1800-35, Forescout and Microsoft Intune demonstrate how organizations can extend Zero Trust enforcement to every device and across all network layers. This integration enables organizations to maintain visibility and control beyond application access decisions, scaling into the session lifecycle.

Go deeper in this on-demand webinar: Learn how to achieve Zero Trust assurance with an adaptive approach.


NIST’s Blueprint for Zero Trust: Visibility, Posture, and Control

Here’s how it works: Forescout continuously discovers, classifies, and assesses devices across the environment, including manageable, unmanageable, IoT, and OT assets. Microsoft Intune provides insights into the user along with the device’s compliance state, posture, and security configuration when they cross the application boundary. By combining these two perspectives, the protected system takes real-time actions, including:

  • Segmenting or isolating risky devices
  • Adjusting access based on posture changes
  • Blocking lateral communications between assets that should never interact
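The decision logic described above, as an added example that is not Forescout's, Microsoft's, or the NIST build's code: a small policy decision point that merges a network-discovery inventory (the kind of data a NAC layer produces) with an MDM compliance feed (the kind of data an MDM produces), derives a per-device action, applies a segment-pair policy to east-west traffic, and re-evaluates a device when its posture changes mid-session. Both inputs, the classification labels, the zone names, and the 60-minute freshness bound are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Action(str, Enum):
    ALLOW = "allow"          # normal access, still subject to zone policy
    REMEDIATE = "remediate"  # moved to a remediation segment until posture recovers
    ISOLATE = "isolate"      # quarantined: no east-west or northbound traffic


@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    cls: str       # workstation | iot | ot | unknown (assumed classification labels)
    managed: bool  # discovery layer believes an MDM agent is present
    zone: str      # corp | iot | ot (assumed segment names)


@dataclass(frozen=True)
class MdmPosture:
    user: str
    compliant: bool
    minutes_since_checkin: int


# Constructed sample inventory, as a discovery/NAC layer would report it.
DISCOVERY: Dict[str, Device] = {
    "aa:bb:cc:00:00:01": Device("aa:bb:cc:00:00:01", "10.0.1.10", "workstation", True, "corp"),
    "aa:bb:cc:00:00:02": Device("aa:bb:cc:00:00:02", "10.0.1.11", "workstation", False, "corp"),
    "aa:bb:cc:00:00:03": Device("aa:bb:cc:00:00:03", "10.0.2.20", "iot", False, "iot"),
    "aa:bb:cc:00:00:04": Device("aa:bb:cc:00:00:04", "10.0.3.30", "ot", False, "ot"),
}

# Constructed sample MDM feed, keyed by MAC; only enrolled devices appear.
MDM: Dict[str, MdmPosture] = {
    "aa:bb:cc:00:00:01": MdmPosture("alice", True, 5),
}

MAX_CHECKIN_MINUTES = 60  # assumed freshness bound for an MDM compliance claim

# Segment pairs (src, dst) allowed to communicate; any pair not listed is denied.
# Nothing is permitted to or from "quarantine"; "remediation" reaches only other
# remediation-zone hosts (patch/update services, not modeled here).
ZONE_POLICY = {
    ("corp", "corp"),
    ("corp", "iot"),  # operators may reach cameras and sensors
    ("iot", "iot"),
    ("ot", "ot"),
    ("remediation", "remediation"),
}


def decide(dev: Device, posture: Optional[MdmPosture]) -> Action:
    """Combine network discovery context with MDM posture into one action."""
    if dev.cls in ("iot", "ot"):
        # Unmanageable asset: no MDM view exists, so the zone policy alone
        # confines it; there is nothing to remediate.
        return Action.ALLOW
    if dev.cls == "unknown" or not dev.managed or posture is None:
        # Workstation-class device with no MDM identity: treat as rogue.
        return Action.ISOLATE
    if not posture.compliant or posture.minutes_since_checkin > MAX_CHECKIN_MINUTES:
        # Non-compliant or stale posture: confine until the agent reports clean.
        return Action.REMEDIATE
    return Action.ALLOW


def evaluate_all(discovery: Dict[str, Device], mdm: Dict[str, MdmPosture]) -> Dict[str, Action]:
    return {mac: decide(dev, mdm.get(mac)) for mac, dev in discovery.items()}


def effective_zone(dev: Device, action: Action) -> str:
    if action is Action.ISOLATE:
        return "quarantine"
    if action is Action.REMEDIATE:
        return "remediation"
    return dev.zone


def may_communicate(src: Device, dst: Device, decisions: Dict[str, Action]) -> bool:
    """East-west check: the pair must be permitted by zone policy after enforcement."""
    pair = (effective_zone(src, decisions[src.mac]), effective_zone(dst, decisions[dst.mac]))
    return pair in ZONE_POLICY


def on_posture_change(decisions: Dict[str, Action], discovery: Dict[str, Device],
                      mac: str, posture: Optional[MdmPosture]) -> Dict[str, Action]:
    """Re-evaluate one device mid-session and return an updated decision map."""
    updated = dict(decisions)
    updated[mac] = decide(discovery[mac], posture)
    return updated


if __name__ == "__main__":
    d = evaluate_all(DISCOVERY, MDM)
    for mac, act in d.items():
        print(f"{DISCOVERY[mac].ip:12} {DISCOVERY[mac].cls:12} -> {act.value}")
    d2 = on_posture_change(d, DISCOVERY, "aa:bb:cc:00:00:01", MdmPosture("alice", False, 1))
    print("alice -> camera after non-compliance:",
          may_communicate(DISCOVERY["aa:bb:cc:00:00:01"], DISCOVERY["aa:bb:cc:00:00:03"], d2))
```

The point of the split is that neither source is sufficient alone: the MDM feed knows nothing about the unenrolled workstation or the camera, and discovery alone cannot tell a compliant managed laptop from a stale one. The same `decide` function runs at session start and again on every posture update, which is what turns a login-time check into continuous enforcement.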

When combined, Microsoft Intune, Microsoft Defender, and Forescout extend policy enforcement to every inch of the extended enterprise, ensuring that data access controls are consistently enforced at every layer from the local network to the cloud, whether the asset is a modern application built with security in mind or a mission-critical device without a modern replacement.

This integration results in precisely what ZTA is designed for: dynamic, adaptive security enforcement. Rather than relying on static rules or one-time authentication checks, organizations can respond in real time to posture degradation, behavioral anomalies, and emerging threats across a variety of managed and unmanaged devices, shifting Zero Trust from a login event to continuous control and governance.

Ultimately, application-layer Zero Trust is an indispensable piece of ZTA. NIST SP 1800-35 demonstrates that a complete Zero Trust implementation includes network-layer visibility, device-level context, and dynamic enforcement capabilities. The collaboration between Forescout and Microsoft Intune demonstrates how organizations can achieve this by unifying identity, posture, and network intelligence to enforce Zero Trust across every layer of the enterprise. This is the operational foundation that transforms a static security framework into a living, adaptive Zero Trust defense model, protecting against real-world threats in real time.

Go deeper: See how to gain more visibility and control over Microsoft Intune managed devices with eyeExtend in the Forescout Marketplace.

A Note on NIST SP 1800-35

Forescout is recognized in the NIST Special Publication 1800-35 as a technology collaborator contributing to multiple advanced ZTA builds. Forescout’s role includes delivering real-time asset discovery, device classification, network segmentation, and enforcement across connected environments and tools. The publication lists Forescout as a contributing vendor alongside other major players, including Microsoft, Cisco, Zscaler, and Palo Alto Networks. This acknowledgment confirms that the National Cybersecurity Center of Excellence (NCCoE) used Forescout technologies to implement and demonstrate Zero Trust capabilities.

Forescout’s inclusion in multiple builds, especially in advanced enforcement phases like E3B2-B4, shows that the Forescout 4D Platform™ is a key enabler of ZTA. Forescout delivers a multi-layered approach to Zero Trust Security, and our ability to interoperate with a rich ecosystem of vendors and tools positions Forescout as a foundational partner in real-world Zero Trust Architectural implementations.

We want to thank the NCCoE and NIST for their leadership and collaboration, and we look forward to continuing to work together to secure the connected world.

See how we have built-in Zero Trust principles for the U.S. Department of Defense in the Comply-to-Connect program.