Thursday April 9, 2026 12:15pm - 2:15pm GMT+07

Authors - Kushall Pal Singh, Vijay Kumar, Monu Verma, Dinesh Kumar Tyagi, Santosh Kumar Vipparthi
Abstract - Hybrid enterprise environments spanning on-premises systems and public cloud services increase exposure to credential abuse, lateral movement, and misconfiguration-driven attack paths, motivating continuous verification and policy enforcement beyond perimeter assumptions. This paper presents an Azure-native, AI-enhanced Zero Trust framework that integrates identity-first enforcement (Microsoft Entra Conditional Access, Continuous Access Evaluation, and Privileged Identity Management), telemetry centralization (Microsoft Sentinel with UEBA), and an Azure Machine Learning classifier that outputs a probability-derived 0–100 trust score. Because identity policy engines consume bounded native signals, the framework binds external scoring to enforcement using SOAR automation that updates policy-targeted identity group membership via Microsoft Graph. A controlled A/B evaluation compares a static baseline (non-adaptive enforcement) with an adaptive mode (ML-in-the-loop scoring and automated score-to-policy binding) using MITRE ATT&CK-aligned scenarios: impossible travel sign-in, privilege escalation attempts via privileged activation workflows, and lateral movement via remote access/filesharing pathways. Quantitative outcomes are reported using median (P50) and tail (P95) time-to-detect, decision latency, and false-positive rate. To technically validate the adaptive control loop, the paper also reports an instrumented latency decomposition (trigger delay, playbook runtime, ML scoring call duration, and score-to-policy execution time) to show which components dominate end-to-end delay.
Virtual Room F Bangkok, Thailand
