Cybersecurity Reference Architecture: Security for a Hybrid Enterprise


The Microsoft cybersecurity reference architecture will be explained by demoing key components, starting with Azure Security Center for a cross platform visibility, protection and threat detection. Then a walk through on how you can secure different Azure services covering Azure Policies, Azure Key Vault, Azure WAF, NSGs, Backup and recovery sites, disk and storage encryption, DDOS attack mitigation, SQL Encryption, SQL data masking, Azure Active Directory, Intune, Azure Information Protection, Azure Log analytics, Azure Monitoring and Azure Sentinel.

The Microsoft Cybersecurity Reference Architecture describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you better utilize it.

The MCRA cover M365 Security and Compliance Portal, CASB, MDATP, Azure ATP, Secure Score and Compliance Manager.

After this session you will have the ability to know how and where you could protect, detect and remediate attacks for a secure infrastructure; manage your identities; protect your endpoints and users from basic and advanced threats; and classify and encrypt your data.

We have seen this document used for several purposes by our customers and internal teams (beyond a geeky wall decoration to shock and impress your cubicle neighbors).

Starting template for a security architecture – The most common use case we see is that organizations use the document to help define a target state for cybersecurity capabilities. Organizations find this architecture useful because it covers capabilities across the modern enterprise estate that now spans on-premise, mobile devices, many clouds, and IoT / Operational Technology.

Comparison reference for security capabilities – We know of several organizations that have marked up a printed copy with what capabilities they already own from various Microsoft license suites (many customers don’t know they own quite a bit of this technology), which ones they already have in place (from Microsoft or partner/3rd party), and which ones are new and could fill a need.

Microsoft capabilities – In presentation mode, each capability has a “ScreenTip” with a short description of each capability + a link to documentation on that capability to learn more.

Microsoft’s integration investments – The architecture includes visuals of key integration points with partner capabilities (e.g. SIEM/Log integration, Security Appliances in Azure, DLP integration, and more) and within our own product capabilities among (e.g. Advanced Threat Protection, Conditional Access, and more).

cybersecurity – We have also heard reports of folks new to cybersecurity using this as a learning tool as they prepare for their first career or a career change.

1 thought on “Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.