This article kicks off a series focused on integrating security services into your IT environment to safeguard systems and resources, both on-premises and in the cloud. Microsoft offers a variety of security services designed to help organizations monitor and protect their systems and data. Throughout this series, you'll learn how to incorporate these services into your IT environment to enhance its overall security posture.
Microsoft provides extensive documentation and reference architectures on IT security. For instance, you can explore Zero Trust concepts, understand how Microsoft Defender XDR services protect your Office environment, and access architectural designs that utilize various security services from Microsoft Azure Cloud. You can find a compilation of various security-oriented reference architectures on Microsoft Cybersecurity Reference Architectures.
Architectures in this series
This is the first article in a series of five that provides a structured and logical approach to understanding and integrating the security solutions available through Microsoft Azure public cloud and Microsoft 365 services. In this initial article, you'll find an overview of the series, with a brief explanation of the architecture's content and how it was developed. The subsequent articles will delve into each component in greater detail.
This series takes an in-depth look at the defense strategies you can build using these Microsoft cloud security services:
- Azure security services
- Microsoft Defender XDR Services
- Azure Monitor services, including Microsoft Sentinel and Log Analytics
Diagrams
This series of articles uses architectural diagrams to explain how Microsoft security services work together. The diagram in this article is the final architecture reference for this series, and it presents the whole picture.
To make the architecture more comprehensive, it was designed to be layered onto the architecture of a typical hybrid IT environment, which in many companies has three layers:
- On-premises services, such as a private Data Center
- Office 365 services that provide Microsoft Office apps
- Azure public cloud services, including servers, storage, and identity services
Download a Visio file of this architecture.
©2021 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
At the bottom of the diagram is a layer that represents some of the most familiar techniques of attack according to MITRE ATT&CK matrix (MITRE ATT&CK® and the tactics involved (in blue text). From a threat perspective, malicious actors have evolved with new technologies and scenarios, especially public and hybrid clouds.
Articles
In addition to this introductory article, this series includes the following articles:
Map threats to your IT environment
The second article in this series explores how you can use this architectural reference with a different set of tactics and techniques or with varying methodologies, like the Cyber Kill Chain®, a framework developed by Lockheed Martin.
Build the first layer of defense with Azure Security services
The third article in this series explores in detail the security services of Microsoft's cloud services. It describes how to protect Azure services, like virtual machines, storage, network, application, database, and other Azure services.
Build the second layer of defense with Microsoft Defender XDR Security services
The fourth article in this series explores security for Microsoft 365 services, like Office 365, Teams, and OneDrive, provided by Microsoft Defender XDR services.
Integrate Azure and Microsoft Defender XDR security services
The fifth article in this series explains the relationship between Azure Security and Microsoft Defender XDR services and their integration. It describes how integration works and how you can accomplish it by using Microsoft Sentinel and Log Analytics, which are shown on the left side of the architecture diagram. This series calls these core monitoring services, because the services that are depicted in the graph can work with the comprehensive services of Azure and Microsoft 365.
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors.
Principal author:
- Rudnei Oliveira | Senior Azure Security Engineer
Other contributors:
- Gary Moore | Programmer/Writer
- Andrew Nathan | Senior Customer Engineering Manager
Next steps
This document refers to some services, technologies, and terminologies. You can find more information about them in the following resources:
- What are public, private, and hybrid clouds?
- Overview of the Azure Security Benchmark (v3)
- Embrace proactive security with Zero Trust
- Microsoft 365 subscription information
- Microsoft Defender XDR
- MITRE ATT&CK®
- The Cyber Kill Chain® from Lockheed Martin
- What is Microsoft Sentinel?
- Overview of Log Analytics in Azure Monitor
Related resources
For more details about this reference architecture, see the other articles in this series: