Microsoft Cyber Security Architecture (HL)

Microsoft Cyber Security Architecture

Microsoft security products offer great functionality and value, and are considered best-in-class by many standards, It covers the breadth of enterprise security needs and provide deep level of security across all domains.

This high level article is meant to help understand how the different solutions in M365 and Azure security stack fit together.

Download the High Level Architecture PDF

Naming convention
If you found some of our solution names a bit hard to follow in the past, your definitely weren't alone. All that is set to change, with the recent rename of our cybersecurity solutions in an attempt to simplify the naming scheme and classify under common broader nomenclature. With recent rename, these products also follow a simpler naming scheme. Here are the key principles to keep in mind:

  • All security solutions fall under Defender umbrella with 'Defender for [workload]' naming convention (For instance, Defender for Identity, Defender for Endpoints and so on).
  • Everything integrates with everything. We believe the power of automatic correlation and investigation provides the best value to SecOps teams and helps free their time to focus on things that matter. It's very much there, remaining pieces will fall into place gradually.
  • Everything will roll into Sentinel - out cloud-native SIEM.

For more detailed reference architecture, visit Microsoft architecture reference site

Please feel free to download and share the High Level Cybersecurity Architecture, and hit me up on LinkedIn to know more or discuss your cyber security priorities.

Comments

Post a Comment

Popular posts from this blog

Zero Trust Summary

Image
Zero Trust Summary Zero Trust Mindset Zero trust mindset revolves adaptive security policies that embraces the constantly changing work environment requirements and risk profile, and creates policies to always verify based on most latest available information. Very broadly speaking it involves: Provide only sufficient permissions for the job. Instead of believing everything behind corporate firewall is safe, starting with assumption that the request is coming from unsafe conditions and then find reason to trust. Constantly monitoring and creating policies to assess and audit all crucial aspects of security setup. What does it need It's a great concept and a north-star to work towards, however organisations need to approach the implementation of required security policies with proper planning. We need to ensure that various foundational elements of our enterprise are: (1) connected, (2) constantly monitored and (3) contribute towards access and compliance decision-making. ...
Read more

My Office 365 account got hacked. Now What ??!!

So, you found out that one or more of your Office 365 accounts have been hacked. You are getting spam emails that appear to have been sent by some internal users, or getting random authentication requests / password change notification when you know you did not generate any. You need to act fast.  Time is the enemy ... The world is conspiring ... The damage could be irreversible ... It's a battle of wits. Drama aside, the action plan should be to  (1) Assess the damage (2) Take corrective actions (3) Clean up  (4) Update your security setup to prevent future issues. Here’s some steps you should take to get it back in check: Assess: Check the Sent or Deleted Items folders for the hacked to look for emails gone out to unidentified recipients. In many cases the attacker will delete the emails after sending, so run message trace to check extent of such emails sent out. Check for devices linked  to the user’s mailbox. Remo...
Read more