Tag: cloud

MCRA finally updated!

On By SamikidoIn EnglishLeave a comment

Yay! It finally happened! On April 24th, 2025, to be exact.

Microsoft’s cybersecurity reference architecture has now been updated. The previous version (v3) was released back in December 2023 — so it’s been well over a year (and nearly a half) since the last update.

This update is especially timely, considering how Microsoft has been rolling out new security tools, recommendations, and features at a dizzying pace lately.

So, what’s changed?

  • The “Core Capabilities” diagram has been revamped. It now includes things like Microsoft Security Exposure Management, Windows LAPS (for managing local admin passwords), passkeys, and Microsoft Entra Verified ID (less common in Finland). And of course, Microsoft Security Copilot has been added (fantastic, but brutally expensive).
  • Entra Permission Management has been removed (EoL – thanks to Entra’s new packaging approach).
  • Microsoft Entra ID Governance Adaptive Access has been added.
  • There’s a strong emphasis that security must be embedded everywhere. This is highlighted in the slide titled “Security must be integrated everywhere.”
  • The AI section has been updated (I’ll write a separate blog post about that soon — it’s a juicy topic).
  • A brand new “Standards Mapping” section is included. It focuses on Zero Trust reference architecture from The Open Group and maps Microsoft’s products to it. It now also includes role listings for human identities (as defined by The Open Group).
  • There’s a lot of content from The Open Group’s upcoming Security Matrix, especially around threat prioritization.
  • Secure Score seems to be trending down, while Exposure Management is on the rise.
  • The threat intelligence facts have been updated, and Microsoft’s security investments are highlighted — with some quite impressive numbers.
  • The security modernization journey is presented in an engaging and clear (sometimes even entertaining) way, along with the operating models Microsoft recommends.

It’s light to digest, with slick visuals — just a casual 115 slides in the standard deck.

If you haven’t yet downloaded the slides, do it now by – just click HERE.