CrowdStrikeadvanced

CrowdStrike Zero Trust Assessment (ZTA): Implementation & Security Scoring

Implement CrowdStrike Zero Trust Assessment (ZTA) to evaluate endpoint security posture. Step-by-step guide to enable ZTA scoring, assess device compliance, and enforce zero trust policies with Falcon.

18 min readUpdated January 2025

CrowdStrike Zero Trust Assessment (ZTA) provides real-time security posture insights for endpoints, helping organizations implement adaptive access controls based on risk levels. ZTA continuously evaluates device security based on multiple factors, ensuring that only trusted and compliant devices can access corporate resources.

This guide explains how to enable, configure, and use ZTA in the Falcon Console.

Step 1: Log Into the Falcon Console

  1. Open a browser and go to: https://falcon.crowdstrike.com or https://falcon.us-2.crowdstrike.com/ (Varies by tenant).
  2. Sign in using your admin credentials.
  3. Navigate to Zero Trust Assessment in the left-hand menu.

Step 2: Enable Zero Trust Assessment (ZTA)

  1. In the ZTA Dashboard, click Enable ZTA (if not already active).
  2. Configure Risk Scoring Settings, which analyze:
    • Endpoint security configuration (patch status, firewall, encryption).
    • User behavior and authentication patterns.
    • Threat detections and recent alerts.
  3. Click Save Settings to activate ZTA monitoring.

Step 3: View Device Trust Scores

  1. Go to ZTA Dashboard to see real-time trust scores.
  2. Trust scores range from 0 to 100, with risk classifications:
    • Low Risk (80-100) – Device is secure.
    • Medium Risk (50-79) – Some security gaps detected.
    • High Risk (0-49) – Immediate action needed (e.g., malware detected).
  3. Click on a device to see a detailed security breakdown, including:
    • Unpatched vulnerabilities
    • Weak authentication settings
    • Suspicious processes or user activity

Step 4: Enforce Conditional Access with ZTA

Option 1: Integrate ZTA with Identity Providers (Okta, Azure AD, Ping Identity)

  1. Go to ZTA > Integrations.
  2. Select an Identity Provider (IdP) to enforce risk-based access policies.
  3. Configure Conditional Access Policies, such as:
    • Block access for High-Risk devices.
    • Require MFA for Medium-Risk devices.
    • Allow seamless login for Low-Risk devices.
  4. Click Save Policy and apply it to your users.

Option 2: Use ZTA for Network Segmentation

  1. Navigate to ZTA > Network Policies.
  2. Define device risk thresholds for accessing:
    • Corporate VPN
    • SaaS applications
    • Internal servers
  3. Enforce automatic network restrictions based on trust scores.

Step 5: Monitor and Adjust ZTA Policies

  1. Go to ZTA Reports to analyze trust score trends.
  2. Adjust policies based on emerging threats or compliance needs.
  3. Investigate high-risk devices and take remediation actions:
    • Force software updates.
    • Require user verification.
    • Contain compromised endpoints.

Best Practices for ZTA Implementation

Regularly review device trust scores – Identify high-risk endpoints early.
Integrate with Identity and Access Management (IAM) – Automate risk-based authentication.
Use ZTA for compliance audits – Ensure devices meet security baselines.
Continuously refine policies – Adjust risk scoring to match evolving threats.

Frequently Asked Questions

Find answers to common questions

To configure risk scoring settings in CrowdStrike ZTA, log into the Falcon Console and navigate to the ZTA Dashboard. Click on 'Enable ZTA' if it is not already active. Under the risk scoring settings, you can analyze endpoint security configurations, including patch status, firewall status, and encryption, alongside user behavior and authentication patterns. You also assess threat detections and recent alerts. Once you have adjusted these parameters to fit your organization's security needs, click 'Save Settings' to activate ZTA monitoring and ensure real-time compliance with your risk policies.

Need Professional Help?

Our team of experts can help you implement and configure these solutions for your organization.

Contact Our TeamView Our Services

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

Create and manage user roles in CrowdStrike Falcon with custom permissions. Step-by-step guide to configure role-based access control (RBAC), assign permissions, and restrict user access to Falcon console features.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure essential CrowdStrike exclusions for Microsoft Exchange Server. Protect database files, transaction logs, and processes to prevent corruption and ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →
Back to CrowdStrike