Step 2. Perform a SOC integration readiness assessment using the Zero Trust Framework
Applies to:
- Microsoft Defender XDR
Once the core functions of the Security Operations Center (SOC) team are defined, the next step for your organization is to prepare for the adoption of Microsoft Defender XDR through a Zero Trust approach. Adoption can help you determine the requirements needed for deploying Microsoft Defender XDR using modern industry-leading practices, while evaluating Microsoft Defender XDR's capabilities against your environment.
This approach is based on a strong foundation of protections and includes key areas such as identity, endpoints (devices), data, apps, infrastructure, and networking. The Readiness Assessment team determines the areas where a foundational requirement for enabling Microsoft Defender XDR hasn't yet been met and what needs remediation.
The following list provides some examples of things that must be remediated in order for the SOC to fully optimize processes in the SOC:
- Identity: Legacy on-premises Active Directory Domain Services (AD DS) domains, no MFA plan, no inventory of privileged accounts, and others.
- Endpoints (devices): Large number of legacy operating systems, limited device inventory, and others.
- Data and apps: Lack of data governance standards, or no inventory of custom apps that won't integrate.
- Infrastructure: Large number of unsanctioned SaaS licenses, no container security, and others.
- Networking: Performance issues due to low bandwidth, flat network, wireless security issues, and others.
Use the guidance in turning on Microsoft Defender XDR to capture the baseline set of configuration requirements. These steps help determine remediation activities the SOC teams have to carry out to effectively develop use cases.
Adoption procedures and use case creation are described in Steps 3 and 4.
Next step
Step 3. Plan for Microsoft Defender XDR integration with your SOC catalog of services
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for