Learn Editor: Update traffic-analytics-zero-trust.md

Author: shijaiswal

articles/network-watcher/traffic-analytics-zero-trust.md

@@ -1,5 +1,4 @@
 ---
-
 title: Apply Zero Trust Principles to Segment Azure Network through Traffic Analytics
 description: Learn how to use Azure Traffic Analytics to apply Zero Trust principles, segment networks, and detect security risks in your Azure environment.
 author:      shijaiswal # GitHub alias
@@ -14,6 +13,8 @@ ms.date:     06/04/2025
 
 
 
+## What is Zero Trust ?
+
 Zero Trust is a security strategy. It isn't a product or a service, but an approach in designing and implementing the following set of security principles.
 
 |Principle|Description|
@@ -66,7 +67,17 @@ Traffic patterns are visualized using built-in dashboards, with flexibility to c
 
 - **Detect compromised IPs/resources:** Use traffic analytics to identify potentially compromised IP addresses or resources, helping to strengthen security and maintain performance.
 
-The following sections highlight key scenarios where traffic analytics supports micro-segmentation to help implement Zero Trust principles in Azure.
+#### How to deploy Zero Trust Segmentation (ZTS) with Traffic Analytics?
+
+As a first critical step to deploy Zero Trust Segmentation over existing or new Azure deployment user needs to
+
+- **Start with default deny posture**: It starts with removing or disabling all existing inbound and outbound rules that allows traffic broadly (eg., Allow All, Allow, etc.,) and adding explicit deny rules for both inbound and outbound traffic.
+
+- **Observe the patterns through Traffic Analytics**: Analyze Flow Logs to identify the traffic patterns that are essential for your workload. 
+
+- **Create selective allow rules**: Based on insights from Traffic Analytics, define rules that explicitly allow only the observed and necessary traffic. This approach ensures that only validated, required traffic is permitted, aligning with Zero Trust principle of Verifying explicitly.
+
+The following sections highlight key scenarios where traffic analytics supports segmentation to help implement Zero Trust principles in Azure.
 
 ## Scenario 1: Detect traffic flowing through risky or restricted regions