You can implement microsegmentation at different layers:
Network-based. Use next-generation firewalls or SDN controllers to enforce rules between network segments. Works with existing infrastructure but requires network changes.
Host-based. Deploy agents on each workload. Agents enforce policy at the OS level regardless of network topology. Works in any environment including cloud.
Hypervisor-based. In virtualized environments, the hypervisor enforces rules between VMs. No agent required on guests.
Start by mapping application dependencies. You can't segment what you don't understand.