Learn about Microsoft cloud security high-level concepts to secure your organization with Microsoft 365 and Azure built-in products and features. The way to secure your digital assets such as identities, infrastructures, platforms, apps and data.

These are the official Microsoft security sources.

On my blog you can find two security paths about:

Source: Microsoft

Security spheres

Microsoft names the following spheres when talking about enterprise-class security & technology.

Source: Microsoft

Protect identities and manage access

Identity & Access Management (IAM) is key for every environment, that has its sovereign assets to control interaction between people and resources.

Stop threats with integrated, automated protection

Threat detection, investigation, hunting, response with Extended detection & response (XDR) to protect your assets. Correlation between the products enable high level security - more about security correlation.


Secure your apps and resources across clouds

Modern applications are found in the cloud. To govern the collaboration of your organization and these, you need a discovery across your tenant. Then you can granularly control with policies.

Protect and govern sensitive data

Compliance, governance are central for information protection. Full authority over your data independent of their location or state at every time. Microsoft compliance

Identify and remediate risks

In an emerging world where adversary technologies and techniques develop just as fast as the legitimate, it is import to keep an overview of what is currently going on in cybersecurity. Identification of potential and direct vulnerabilities or threats can be done with Microsoft Threat Analytics helps to get a better understanding about threats and correlates detected events to your organization.

Zero trust

The zero trust strategy is about eliminating trust and treating all interactions the same. It is a perimeterless attempt.

  • Verify explicitly, any authentication and authentication processes must be checked against all available information at any time
  • Least privileged access, user access should only be granted according to the concepts of just-in-time (only for a defined period of time for the corresponding actions) and just-enough access (dedicated authorizations for the respective action) (JIT/JEA)
  • Assume breach, all operations should always be considered as if they were a compromised attempt or attack

Source: Microsoft

Threat & Vulnerability Management

Versatile devices and apps offer versatile attack surfaces. Microsoft Defender Vulnerability Managment forms the corresponding solution to this concern and delivers high- to low-level information about all types threats and vulnerabilities, shows affected assets, supports in priorization and mitigation options.

Source: Microsoft


SIEM and SOAR associate in IT security event aggreagation, management and response.

Security Information Event Management (SIEM)

Security Information Event Management relates to event management based on information on a security landscape. It includes all basic security operations. Delivered through Microsoft Sentinel.

Security Orchestration, Automation and Response (SOAR)

Security Orchestration, Automation and Response is the evolutionized version of SIEM, that has its focus on security task (mainframe) orchestration and automation response and mitigation to drive security operations to the next level.

Source: Microsoft


  • E3 Security hosts basic security products that provide a foundational protection, though they often lack of sophisticated investigation or reporting options
  • E5 Security is the full package for mainly cloud-only oriented customers that want the whole and best security experience throughout all products

More information are available in my Microsoft 365 enterprise license post.
For a detailed and up to date overviews, visit: M365Maps

Microsoft 365 Licensing
A collection of Microsoft 365 licensing diagrams to view in browser or download as PDF, PNG, SVG, and Visio files.

Security powered by Oceanleaf:

Fundamentals Microsoft 365 security conceptsSecurity is a term that is currently spread alot. Microsoft makes an investment of 1 billion us dollars annually and works with over 3500 security experts. The threat landscape has become more sophisticated and maliciously. Endpoints are mobile, may connec…
Defender Suite
Enterprise security solutions, cloud-based, intelligent and automated security responses for Endpoint, Identity, Office 365 and Cloud Apps. A full protection stack. Defender for EndpointHandle threat and vulnerability events on endpoints to prevent malicious and harmful contents. Microsoft Defender:…

More helpful Microsoft resources

Resource site Contents
Security 101 cybersecurity fundamentals
Security Insider Explore the latest cybersecurity insights and updates
Digital Defense Report Regular report about the cybersecurity landscape at scale
Security Response Center (MSRC) Front line of security operation and response
Security blog Articles on different topics
Security events Overview of scheduled security events
Tech community Community platform
Security documentation Product and feature docs and sources
Learn Learning paths and certifications
Trust center Find information about security, compliance and privacy
Service Trust Portal Audit reports of Microsoft services
You’ve successfully subscribed to Oceanleaf
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.