Microsoft 365 Zero Trust Mind Map
jads.blog

Microsoft 365 Zero Trust

- Secure your Identities
  - Multi-Factor Authentication
    - Microsoft Authenticator app
    - Windows Hello for Business
    - FIDO2 security key
    - SMS
    - Voice call
    - OATH software or hardware tokens
  - Secure adaptive access: Azure AD Conditional Access Policies
    - Location / device state / application based policies
    - Device health and compliance (Intune integration)
      - Mobile Device Management policy
      - Application Protection Policies
    - Risk based policies (integration with Azure AD Identity Protection)
      - User risk
      - Sign-in risk
    - Session management (Defender for Cloud Apps integration)
      - Session policies
  - Reports and monitoring
    - Integration with Log Analytics (Microsoft Sentinel)
    - Azure AD Workbooks
    - Conditional Access Insights & Reporting
    - Identity Secure Score
  - Single Sign-On
    - SSO using OpenID Connect
    - SSO using SAML
    - SSO to on-premises apps (Azure AD Application Proxy)
  - Seamless user experience: Passwordless Authentication
    - Windows Hello for Business
    - Microsoft Authenticator app
    - FIDO2 security keys
  - Self-service portals
    - MyApps
    - MyAccount
    - MyAccess (integration with Azure AD Access Packages)
    - My Sign-ins
  - External Identities
    - Azure AD B2B
      - Cross-tenant settings
    - Azure AD B2C
  - Unified identity management: Hybrid Identity
    - Azure AD Connect
      - Password Hash Synchronisation (PHS)
      - Pass-Through Authentication (PTA)
      - Federation (ADFS)
  - User & Group Management
    - Group based licensing
    - Dynamic groups
    - Application assignments
    - Managed Identities
    - Cloud-only accounts
  - Simplified identity governance: Lifecycle management
    - Azure AD Access Packages
    - Azure AD Access Reviews
    - HCM driven provisioning
    - Hybrid provisioning using Azure AD Connect
  - Privileged Identity Management
    - Azure AD PIM for Azure AD roles (just-in-time access)
    - Azure AD PIM for Azure resources (JIT access)
    - Privileged role monitoring and auditing
  - Entra Permissions Management
    - Manage permissions and access (Azure, AWS, GCP)
    - Cross-cloud visibility
    - Monitoring & least privilege enforcement

- Protect your Sensitive Data
  - Know your data
    - Sensitive info types
    - Trainable classifiers
    - Data classification
    - Microsoft Purview Data Map
  - Protect your data
    - Sensitivity labels
      - Manual labeling (MIP unified labeling client)
      - Automatic labeling
      - MIP Unified Labeling Scanner
    - Double Key Encryption (DKE)
    - Office 365 Message Encryption (OME)
    - Microsoft Defender for Cloud Apps
      - File policies
      - Autolabeling policies
  - Prevent Data Loss: Microsoft Purview Data Loss Prevention
    - Sensitive info types as condition
    - Sensitivity labels as condition
    - Policy templates
    - Endpoint DLP (integration with Defender for Endpoint)
    - Data Loss Prevention on-premises scanner
    - DLP for Teams chat and channel messages
  - Govern your Data
    - Data Retention & Deletion
      - Retention policies
      - Retention labels
      - Mailbox archiving
      - Records Management
    - Automated policies: auto-apply labels
      - Sensitive info types
      - Specific keywords
      - Trainable classifier
    - eDiscovery
      - Content search
      - Core eDiscovery
      - Advanced eDiscovery

- Microsoft 365 Defender (XDR)
  - Identities
    - Defender for Identity
      - Detect and respond to on-premises identity attacks
      - Assess the security posture of your hybrid environments
      - Isolate and remediate compromised accounts
    - Azure AD Identity Protection
  - Endpoints: Defender for Endpoint
    - Discover vulnerabilities and misconfigurations
    - Detect and block sophisticated threats and malware
    - Detect and respond to advanced attacks with deep threat monitoring and analysis
    - Simplify endpoint security management
  - Applications: Defender for Cloud Apps
    - Discover and control the use of shadow IT
    - Protect your sensitive information anywhere in the cloud (file policies and threat protection policies)
    - Real-time control (session policies, integration with Conditional Access)
    - Cloud security posture
    - Native integration with Microsoft Sentinel using connectors
  - Emails and documents: Defender for Office 365
    - Protection against advanced attacks (phishing, malware, spam, etc.)
    - Protection beyond email (Microsoft Teams, SharePoint, OneDrive, and Office apps)
    - Internal email protection
  - IoT devices: Defender for IoT
    - Asset discovery and context
    - Risk-based vulnerability management
    - Threat detection with IoT and OT behavioral analytics

- Protect your Cloud Workloads
  - Perimeter control
    - VPN Gateway
    - Azure DDoS Protection
    - Azure Front Door
    - Azure Firewall
  - Virtual Networks
    - Network Security Groups / ASGs
    - UDRs
    - Subnets
    - Inbound/outbound control
  - Secure and protect your cloud assets: Microsoft Defender for Cloud
    - Cloud Security Posture Management (CSPM)
      - Security policies (Enforce / Audit)
        - Security initiatives (created in Azure Policy)
          - Azure Security Benchmark (default)
          - Third-party regulations (CIS, NIST, etc.)
          - Custom initiatives
        - Policy enforcement
      - Requirements & regulations
      - Security recommendations
        - Remediation steps
      - Security posture
        - Azure
        - Amazon Web Services (AWS)
        - Google Cloud Platform (GCP)
    - Cloud Workload Protection
      - Microsoft Defender for Servers (servers)
      - Microsoft Defender for Containers (containers)
      - Microsoft Defender for App Service (app services)
      - Microsoft Defender for Storage (Azure Storage)
      - Microsoft Defender for SQL (SQL servers)
      - Microsoft Defender for Azure Cosmos DB (Cosmos environments)
      - Microsoft Defender for Key Vault (Key Vault)
      - Microsoft Defender for DNS (DNS)
      - Microsoft Defender for Resource Manager (resource deployment)
      - Microsoft Defender for IoT (IoT workloads)
      - Security alerts & incidents
        - Behavioral analytics
        - Threat intelligence
        - Anomaly detection
      - Threat detection alerts
      - Advanced protection & remediation
      - Insights and visibility: workload protections dashboard
      - Integration with SIEM/SOAR
    - Investigate and respond
      - Alerts and incidents
      - Workbooks
      - Integration with Microsoft Sentinel (connectors)

- Detect and Respond to Threats: Microsoft Sentinel
  - Data collection: data connectors
    - Microsoft native connectors
    - Third-party connectors
    - Syslog
    - Common Event Format (CEF) over Syslog
    - Custom log format (Log Analytics Agent)
    - Microsoft Sentinel Data Collector API
    - Azure Functions and the REST API
    - Azure Monitor logs and metrics
      - Telemetry logs
      - Logs & traces
      - Diagnosis
  - Detect threats: Microsoft Sentinel detection
    - Built-in detection rules
      - Fusion (advanced multi-stage attacks)
      - Machine learning behavioral analytics
      - Anomaly rule templates
      - Scheduled rules
      - Near-real-time rules
    - Custom rules
      - Kusto Query Language (KQL)
      - Query scheduling / thresholds
  - Investigation
    - Incident breakdown
    - Notebooks
    - User and Entity Behavior Analytics (UEBA)
    - Workbooks
    - Hunting queries
    - Entity pages
  - Security Orchestration, Automation, and Response (SOAR)
    - Automation rules
      - Triggers
      - Conditions
      - Actions
    - Playbooks (integration with Azure Logic Apps)
      - Triggers
      - Actions
      - Connectors (managed or custom)
  - Bring your own Machine Learning (ML)
    - Azure Databricks / Apache Spark
    - Jupyter Notebooks

- Key & Secrets Management
  - Managed Identities
  - Application passwords
  - Integration with Azure Key Vault
  - Bring Your Own Key
  - Hold Your Own Key
  - Double Key Encryption
  - Key auto-rotation