Microsoft Cybersecurity Reference Architectures

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. The diagrams show how Microsoft security capabilities integrate with Microsoft platforms such as Microsoft 365 and Microsoft Azure, third-party apps such as ServiceNow and Salesforce, and third-party platforms such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Download the file here

The reference architectures are primarily composed of detailed technical diagrams on Microsoft cybersecurity capabilities, Zero Trust user access, security operations, operational technology (OT), multi-cloud and cross-platform capabilities, attack chain coverage, Azure native security controls, and security organizational functions.

Microsoft Cybersecurity Reference Architecture - Page 1

The MCRA also includes an overview of Zero Trust and a Zero Trust rapid modernization plan (RaMP). It additionally includes other key information on security operations and key initiatives such as protecting from human-operated ransomware, securing privileged access, moving beyond VPN, and more.

Microsoft Cybersecurity Reference Architecture - Page 2

Using the MCRA

We have seen these diagrams used for several purposes, including:

  • Starting template for a security architecture - The most common use case we see is that organizations use the document to help define a target state for cybersecurity capabilities. Organizations find this architecture useful because it covers capabilities across the modern enterprise estate that now spans on-premises, mobile devices, multiple clouds, and IoT / Operational Technology.
  • Comparison reference for security capabilities - Some organizations use this to compare Microsoft's recommendations with what they already own and have implemented. Many organizations find that they already own quite a bit of this technology and weren't aware of it.
  • Learn about Microsoft capabilities - We have also seen this used as a learning tool. Note that in presentation mode, each capability has a "ScreenTip" with a short description of the capability and a link to documentation to learn more.
  • Learn about Microsoft's integration investments - The architecture helps architects and technical teams identify how to take advantage of integration points within Microsoft capabilities and with existing security capabilities.
  • Learn about Cybersecurity - Some folks, particularly those new to cybersecurity, use this as a learning tool as they prepare for their first career or a career change.

Next Steps

Download the file here