The advent of microsegmentation capabilities in public and private cloud environments is a game changer; however, few are prepared to handle it. Microsegmentation brings tighter network security policies, significantly more visibility, and, sadly, more complexity when adopted without forethought. In this talk we explore the ins and outs of building a microsegmentation network policy using a new purpose-built, ITSG-22 compliant framework. We explore workload tagging structure, dynamic network security groups, network security policy, delivery of global services, and the inevitable exceptions. We will also touch upon the logging data generated by these solutions and how we can be ready to ingest it into the respective data lake / SIEM / CLS solutions.