Tag: #MCRA

MCRA finally updated!

On By SamikidoIn EnglishLeave a comment

Yay! It finally happened! On April 24th, 2025, to be exact.

Microsoft’s cybersecurity reference architecture has now been updated. The previous version (v3) was released back in December 2023 — so it’s been well over a year (and nearly a half) since the last update.

This update is especially timely, considering how Microsoft has been rolling out new security tools, recommendations, and features at a dizzying pace lately.

So, what’s changed?

  • The “Core Capabilities” diagram has been revamped. It now includes things like Microsoft Security Exposure Management, Windows LAPS (for managing local admin passwords), passkeys, and Microsoft Entra Verified ID (less common in Finland). And of course, Microsoft Security Copilot has been added (fantastic, but brutally expensive).
  • Entra Permission Management has been removed (EoL – thanks to Entra’s new packaging approach).
  • Microsoft Entra ID Governance Adaptive Access has been added.
  • There’s a strong emphasis that security must be embedded everywhere. This is highlighted in the slide titled “Security must be integrated everywhere.”
  • The AI section has been updated (I’ll write a separate blog post about that soon — it’s a juicy topic).
  • A brand new “Standards Mapping” section is included. It focuses on Zero Trust reference architecture from The Open Group and maps Microsoft’s products to it. It now also includes role listings for human identities (as defined by The Open Group).
  • There’s a lot of content from The Open Group’s upcoming Security Matrix, especially around threat prioritization.
  • Secure Score seems to be trending down, while Exposure Management is on the rise.
  • The threat intelligence facts have been updated, and Microsoft’s security investments are highlighted — with some quite impressive numbers.
  • The security modernization journey is presented in an engaging and clear (sometimes even entertaining) way, along with the operating models Microsoft recommends.

It’s light to digest, with slick visuals — just a casual 115 slides in the standard deck.

If you haven’t yet downloaded the slides, do it now by – just click HERE.

MCRA has been updated

On By SamikidoIn EnglishLeave a comment

Finally it’s here! Microsoft has recently updated the Microsoft Cybersecurity Reference Architectures (MCRA). Old one was from 2021 and a lot of things have changed on Microsoft offering since launch of MCRA.

December 2023 update has corrent product names (in example Azure AD → Entra ID), renewed SOC / SecOps functionality and many other adjustments.

Same time Microsoft launched the Security Adoption Framework (SAF). Previously we have seen Cloud Adoption Framework (CAF) containing a lot of security related topics.

Microsoft has also moved MCRA as part of the SAF. I think this is a good and makes it more clear. There are adoption framework for pure security. I hope that helps accelerate security modernization and effectiveness with many organizations.

The SAF provides clear actionable guidance to help guide your security modernization journey to protect business assets across your technical estate. The recommendations and references in SAF are aligned to Zero Trust principles as well as best practices and lessons learned from across Microsoft customers.

References:

Download: https://github.com/MicrosoftDocs/security/blob/main/Downloads/mcra-december-2023.pptx

Website: https://aka.ms/MCRA