AnalysisArchitectureSecurity for Azure

Uploaded by

Nitin Gary
Cybersecurity Reference Architecture
April 2019 – https://aka.ms/MCRA | Video Recording | Strategies

[Figure: interactive architecture slide, shown on both pages of the document. This is interactive! 1. Present Slide 2. Hover for Description 3. Click for more information. The labels recoverable from the diagram are listed below by panel.]

Roadmaps and Guidance: 1. Securing Privileged Access; 2. Office 365 Security; 3. Rapid Cyberattacks (Wannacrypt/Petya)

Security Operations Center (SOC): Microsoft Threat Experts; Incident Response, Recovery, & CyberOps Services; Azure Sentinel – Cloud Native SIEM and SOAR (Preview), Security Information and Event Management (SIEM) Analytics/Automation; Vuln Mgmt; Cloud App Security; Azure Security Center; Advanced Threat Protection (ATP): Microsoft Defender, Office 365, Azure; MSSP; Graph Security API – 3rd Party Integration; Alert & Log Integration

Software as a Service: Office 365 (Secure Score, Customer Lockbox); Dynamics 365

Identity & Access: Azure Active Directory; Conditional Access – Identity Perimeter Management; Azure AD Identity Protection (Leaked cred protection, Behavioral Analytics); Azure AD PIM; Multi-Factor Authentication; Azure AD B2B; Azure AD B2C; Hello for Business; MIM PAM; Azure ATP; Active Directory; ESAE Admin Forest; Privileged Access Workstations (PAWs)

Information Protection: Cloud App Security; Azure Information Protection (AIP): Discover, Classify, Protect, Monitor; Classification Labels; Hold Your Own Key (HYOK); AIP Scanner; Office 365: Data Loss Protection, Data Governance, eDiscovery; Azure SQL Info Protection; Endpoint DLP

Clients: Unmanaged & Mobile Devices; Intune MDM/MAM; Managed Clients; System Center Configuration Manager; Windows 10 + Microsoft Defender ATP (Secure Score, Threat Analytics); Windows 10 Enterprise Security: Network protection, Credential protection, Exploit protection, Reputation analysis, Full Disk Encryption, Attack surface reduction, App control, Isolation, Antivirus, Behavior monitoring, S Mode

Hybrid Cloud Infrastructure: On Premises Datacenter(s); 3rd party IaaS; Microsoft Azure; Azure Security Center – Cross Platform Visibility, Protection, and Threat Detection (Configuration Hygiene, Just in Time VM Access, Adaptive App Control); Extranet: NGFW, Edge DLP, SSL Proxy, IPS/IDS; Express Route; Intranet Servers; Windows Server 2019 Security: Just Enough Admin, Hyper-V Containers, Nano server, and more…; Shielded VMs; VMs; Azure Stack; Azure Firewall; Security Appliances; Azure Policy; Azure WAF; Azure Key Vault; Azure Antimalware; Application & Network Security Groups; Backup & Site Recovery; Disk & Storage Encryption; Azure SQL Threat Detection; SQL Encryption & Data Masking; Confidential Computing; DDoS attack Mitigation+Monitor; Microsoft Defender ATP

IoT and Operational Technology: Windows 10 IoT; Azure Sphere; Azure IoT Security; IoT Security Maturity Model; IoT Security Architecture

Foundation: Security Development Lifecycle (SDL); Trust Center; Compliance Manager; Intelligent Security Graph

Legend: Included with Azure (VMs/etc.); Premium Security Feature
