Kurt Shintaku's Blog

April 2025 version of MCRA is out!  This release of the Microsoft Cybersecurity Reference Architectures (MCRA) focuses heavily on updates related to standards and mappings, products and technology changes, and more.
 
Key changes since the previous December 2023 release:

• Updated main capabilities diagram to add Microsoft Security Exposure Management, Windows LAPS, passkeys, and Microsoft Entra Verified ID as well as to show Microsoft Security Copilot as a broad capability.
• Replaced several references of Secure Score with Exposure Management
• Clarified representations of Microsoft Security Copilot to show broader capabilities beyond Security Operations
• Added Microsoft Entra ID Governance to Adaptive Access diagram
• Updated several slides in introduction sequence and added new “Security must be integrated everywhere” slide.
• Updated slides in Artificial Intelligence (AI) section
• Added ‘Standards Mapping’ section and included proposed drafts of Zero Trust Reference Model standard from The Open Group (and Microsoft product mapping to them)
• Added roles list from The Open Group to people section
• Added Prioritization slide to the Threats section from upcoming draft Security Matrix standard from The Open Group
• Updated threat intelligence daily signals to 78+ Trillion and updated links/resources on various slides.
• Updated closing slides to show the full security modernization journey and associated Microsoft Unified engagements

Download the PowerPoint file (including slide notes) from the usual site:

• https://aka.ms/MCRA

(All hail Mark Simos, Microsoft Principal Cybersecurity Architect, Program Manager, and creator of the MCRA!)