
Security Operations Center (SOC) Software as a Service

Cybersecurity Reference Architecture


Microsoft Threat Experts Incident Response, Recovery, & CyberOps Services
April 2019 – https://aka.ms/MCRA | Video Recording | Strategies
Office 365
Azure Sentinel – Cloud Native SIEM and SOAR (Preview) Secure Score

Vuln Cloud App Azure Microsoft Office 365 Azure Customer Lockbox
Security This is interactive! Roadmaps and Guidance
Mgmt Security Center Defender

Advanced Threat Protection (ATP) 1. Present Slide 1. Securing Privileged Access


Dynamics 365
MSSP
2. Hover for Description
2. Office 365 Security
Identity & Access
Graph Security API – 3rd Party Integration 3. Click for more information
3. Rapid Cyberattacks ( Information Protection Azure Active
Wannacrypt/Petya) Directory
Alert & Log Integration

Conditional Access – Identity Perimeter Management


Clients Hybrid Cloud Infrastructure
Cloud App Security Azure AD Identity
Unmanaged & On Premises Datacenter(s) 3rd party IaaS Microsoft Protection
Azure Information Leaked cred protection
Mobile Devices Azure Protection (AIP) Behavioral Analytics
Azure Security Center – Cross Platform Visibility, Protection, and Threat Detection Configuration Hygiene

Classification Labels
Discover
Just in Time VM Access Classify Azure AD PIM
Azure Security Adaptive App Control Protect
NGFW Multi-Factor
Intune MDM/MAM Firewall Appliances Monitor
Extranet

Authentication
Edge DLP Hold Your Own Key (HYOK)
Azure Policy Azure AD B2B
Managed Clients SSL Proxy
AIP Scanner Azure AD B2C
IPS/IDS Azure Key Vault
Express Route Azure WAF Hello for Business
System Center Windows Server 2019 Security Azure Antimalware Office 365 MIM PAM
Configuration Manager
Intranet Servers

Window 10 + Just Enough Admin, Hyper-V Containers, Nano server, and more… • Data Loss Protection
Application & Network • Data Governance
Microsoft Defender ATP Security Groups Azure ATP
Shielded VMs • eDiscovery
VMs
Backup & Site
Azure Stack
Recovery Azure SQL Active Directory
Secure Threat Threat Detection
Privileged Access Workstations (PAWs) Disk & Storage
Score Analytics SQL Encryption & ESAE Admin Forest
Encryption
Data Masking
Confidential
Windows 10 Enterprise Security Included Azure SQL Info
IoT and Operational Technology Computing
with Azure Protection
Network protection App control (VMs/etc.) DDoS attack
Credential protection Isolation
Windows 10 IoT IoT Security Maturity Model Premium Mitigation+Monitor Microsoft Defender ATP
Exploit protection Antivirus
Reputation analysis Behavior monitoring Security
Full Disk Encryption Azure IoT Security Azure Sphere IoT Security Architecture Feature
Attack surface Compliance Manager
reduction
S Mode
Security Development Lifecycle (SDL)
Trust Center Intelligent Security Graph
Azure Sentinel – Cloud Native SIEM and SOAR (Preview) Secure Score
Security Information and Event Management (SIEM) Analytics/Automation
Windows 10 IoT IoT Security Maturity Model Premium Mitigation+Monitor Microsoft Defender ATP
Endpoint DLP
