Finally it’s here! Microsoft has recently updated the Microsoft Cybersecurity Reference Architectures (MCRA). Old one was from 2021 and a lot of things have changed on Microsoft offering since launch of MCRA.

December 2023 update has corrent product names (in example Azure AD → Entra ID), renewed SOC / SecOps functionality and many other adjustments.

Same time Microsoft launched the Security Adoption Framework (SAF). Previously we have seen Cloud Adoption Framework (CAF) containing a lot of security related topics.

Microsoft has also moved MCRA as part of the SAF. I think this is a good and makes it more clear. There are adoption framework for pure security. I hope that helps accelerate security modernization and effectiveness with many organizations.

The SAF provides clear actionable guidance to help guide your security modernization journey to protect business assets across your technical estate. The recommendations and references in SAF are aligned to Zero Trust principles as well as best practices and lessons learned from across Microsoft customers.

References:

Download: https://github.com/MicrosoftDocs/security/blob/main/Downloads/mcra-december-2023.pptx

Website: https://aka.ms/MCRA