Microsoft Cybersecurity Reference Architectures

What does the MCRA include?

The MCRA includes key information about:

• Antipatterns (common mistakes) and best practices

• Guiding rulesets for end to end architecture

• Threat trends, and attack patterns

• Mapping Microsoft capabilities to organizational roles

• Mapping Microsoft capabilities to Zero Trust standards

• Securing privileged access

• Reference plans in SAF (including example of patching modernization)

• Prioritizing using attacker return on investment (ROI)

• ...and more

The MCRA also includes detailed technical diagrams for:

• Microsoft cybersecurity capabilities

• Zero trust user access

• Security operations (SecOps/SOC)

• Operational technology (OT)

• Multicloud and cross-platform capabilities

• Attack chain coverage

• Infrastructure and Development Security

• Security organizational functions

https://learn.microsoft.com/en-us/security/adoption/mcra