Security Adoption Resources

Navigating the continuously changing threat landscape, technology platforms, and business requirements is often challenging for many organizations.

The Security Adoption Framework (SAF) provides guidance for organizations through end-to-end security modernization across a 'hybrid of everything' multicloud and multi-platform technical estate.

Diagram showing the components of the security adoption framework series workshops.

Each element of this guidance can be used individually or as part of holistic end-to-end security modernization from a strategic and programmatic level through architectural and technical planning.

This guidance applies Zero Trust principles to all aspects of end-to-end security modernization.

Objectives

End-to-end security approach - The Security Adoption Framework enables executive leaders, architects, and technical practitioners to build and execute an integrated strategy and architecture that aligns security to your organization through business, security, and technical platform needs.

Agile security - Provides flexibility to adapt to the continuously evolving attacks, changing business requirements, and technology platform changes you face today.

Practical and pragmatic - Each stakeholder has guidance to help them understand and execute this security modernization including:

  • Best practices
  • Lessons learned
  • References based on real world examples

Meeting these objectives allows organizations to accelerate business enablement and security risk reduction.

How to consume the guidance

The Chief Information Security Officer (CISO) Workshop

The Chief Information Security Officer (CISO) Workshop is a collection of security learnings, principles, and recommendations for modernizing security in your organization in both PowerPoint and video form.

A diagram of the CISO Workshop at a high level.

The Microsoft Cybersecurity Reference Architecture (MCRA)

The Microsoft Cybersecurity Reference Architecture (MCRA) shows you how Microsoft security capabilities can integrate with other Microsoft and 3rd party platforms. The MCRA is provided in the form of PowerPoint slides with notes.

A diagram showing the MCRA at a high level.

Business guidance for security modernization

Business guidance for security modernization includes multiple planning and execution guides for common focus areas.

Common security antipatterns

All of the SAF modules include documentation for antipatterns we commonly observe across organizations, and guidance for overcoming them. You can download the PDF Common security antipatterns, which collects many of the antipatterns from across the SAF modules.

Microsoft led workshops

You might choose to have Microsoft experts lead workshops with your team to help accelerate your planning and execution of security modernization. These workshops guide your organization through any or all of the security adoption framework elements as well as technical deployment and optimization of Microsoft security technology.

These engagements range from a few hours to several days of deep planning, as described in the following section.

Microsoft Unified engagements

The Microsoft Unified Security Adoption Framework engagements include the following items:

Each engagement is listed below by use case, with its title and description, the length of the topic summary session, and the length of the full workshop.

Getting Started (Start here if you don't know where to start)
  Title and description: Overview and Scoping - This short conversation is like a 'trail head' to help you pick the best path to get started with security modernization planning based on your current needs and priorities.
  Topic summary: Four hours
  Full workshop: -

Product Adoption
  Title and description: Security Capability Adoption Planning helps you maximize value from your current product licenses and entitlements by providing an overview of these Microsoft product capabilities. This session includes a prioritization and planning exercise to rapidly get the most security benefit out of the capabilities you have access to. This overview often includes Microsoft 365 E5 and Microsoft Unified.
  Topic summary: -
  Full workshop: Two days

End to End Technical Architecture
  Title and description: Microsoft Cybersecurity Reference Architectures (MCRA) provide guidance on end to end technical architectures including a summary of Microsoft security capabilities, integration, and more. Based on aka.ms/MCRA. The Security Architecture Design Session (ADS) Module 1 guides you through more architectural context including: guiding principles, a 'Rosetta Stone' of security models, cross-discipline integrated scenarios, shared responsibility models, technical plans, and more.
  Topic summary: Four hours (MCRA)
  Full workshop: Two days (Security ADS 1)

Strategy and Program
  Title and description: The CISO Workshop enables senior security and technology leaders to accelerate security strategy and program modernization with best practices and lessons learned. The workshop covers all aspects of a comprehensive security program including: recommended strategic initiatives, roles and responsibilities guidance, reference success metrics, maturity models, Zero Trust principles, and more. Based on aka.ms/CISOWorkshop.
  Topic summary: Four hours
  Full workshop: Custom scope

Access Control (Identity, Network, and more)
  Title and description: The topic summary for Secure Identities and Access provides guidance for planning and architecting access control to secure access to a 'hybrid of everything' modern enterprise, mitigate attacks on privileged accounts, and integrate identity and network access strategies together. The full workshop, Security ADS Module 2 - Secure Identities and Access, currently in development, provides more detail on: policy-driven adaptive access control integrating identity, network, and other access controls; maturity models; success criteria; recommended technical architectures; a Microsoft case study; and a planning exercise to map out your journey by tailoring reference plans to your unique needs.
  Topic summary: Four hours
  Full workshop: TBD when available

Security Operations (SecOps/SOC)
  Title and description: The topic summary for Modern Security Operations (SecOps/SOC) provides guidance for modernizing SecOps strategy, processes, architecture, and technology to address the simultaneous challenges of rapidly evolving threat actors, covering a 'hybrid of everything' technical estate, aligning SecOps to business goals, mitigating analyst fatigue/burnout, and more. The full workshop, Security ADS Module 3 - Modern Security Operations (SecOps/SOC), provides more detail on: attacks and incident response; recommended processes and metrics; putting an XDR + SIEM + Security Data Lake strategy into action; a Microsoft case study; advanced functions including threat hunting, detection engineering, incident management, and threat intelligence; outsourcing considerations; and a planning exercise to map out your journey.
  Topic summary: Four hours
  Full workshop: 2-3 days

Infrastructure & Development / DevSecOps Security
  Title and description: The topic summary for Infrastructure & Development Security provides guidance for planning and architecting infrastructure and development security for multicloud environments, including how to address the simultaneous challenges of rapidly evolving infrastructure, security of workloads and applications as you develop them, and how to build a teamwork-oriented DevSecOps approach for keeping up with rapidly evolving threats, technology, and business requirements. The full workshop, Security ADS Module 4 - Infrastructure & Development Security, currently in development, provides more detail on models, methodologies, and technologies to modernize infrastructure & development security.
  Topic summary: Four hours
  Full workshop: TBD when available

Data Security & Governance
  Title and description: The topic summary for Data Security & Governance provides guidance for planning and architecting a lifecycle approach for protecting and governing data in today's complex world. The full workshop, Security ADS Module 5 - Data Security & Governance, currently in development, provides more detail on models, methodologies, and technologies to modernize information protection and governance.
  Topic summary: Four hours
  Full workshop: TBD when available

IoT and OT Security
  Title and description: The topic summary for IoT and OT Security provides guidance for securing Operational Technology (OT) and Internet of Things (IoT) systems. The full workshop, Security ADS Module 6 - IoT and OT Security, currently in development, provides more detail and context to secure these devices and systems.
  Topic summary: Four hours
  Full workshop: TBD when available

Next steps