The correct answer is A . Microsoft Learn defines Zero Trust as a security strategy built on the principles verify explicitly , use least privilege access , and assume breach . Microsoft also summarizes Zero Trust as a model that assumes breach and verifies every request , rather than trusting users, devices, or traffic simply because they originate from inside the corporate network. This is the key reason option A is correct. Under Zero Trust, every access request should be evaluated continuously using available signals such as identity, device state, location, service, and risk.

Option B is incorrect because improving user experience is not the defining principle of Zero Trust. Option C is incorrect because Zero Trust requires ongoing review and adjustment of permissions, especially through least privilege and risk-based access. Option D is incorrect because Zero Trust explicitly rejects implicit trust based on network location. Microsoft states that organizations should reduce reliance on the traditional idea that anything on the internal network is automatically safe or trustworthy.