Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Microsoft Cybersecurity Reference Architecture (MCRA) provides an extensive set of technical architectures for use during Zero Trust security adoption and modernization.
MCRA architectures capture the end-to-end security journey for the hybrid of everything technology estate and span across legacy IT, multicloud, OT/IoT, AI, and more.
The architectures help you to accelerate planning and execution of security modernization using open standards, Microsoft’s security solutions, and third-party security technologies.
The MCRA is a component of our structured security adoption model. The model provides a standardized process for planning, prioritizing, designing, and implementing security modernization across the business, based on Zero Trust principles.
Recent MCRA updates
Download the latest version of MCRA, published in June 2026.
Key changes
Key changes in the latest release from the earlier April 2025 version.
| *Change/Update | Details |
|---|---|
| Main Menu | Updated design to align to security adoption model. |
| Introduction | Updated these slides: Antipatterns, Security is hard Added two assumptions, and Zero Trust description. |
| Data Security Reference Architecture | Added new diagram. |
| Standards Mapping | Updated proposed drafts of Zero Trust Reference Model standard (The Open Group), and Microsoft mapping to them. |
| AI | Updated most slides in the section. |
| People | Updated roles list from The Open Group. Added example guidance from CEO role. |
| Microsoft Products | Updated design to align to security adoption model. |
| New solution/service | Added Microsoft Agent 365 to attack chain, standards mappings, role mappings, product references, and reference architectures (Capabilities, Identity, Security Operations, and Data Security). |
| New solution/service | Added Microsoft Foundry to Infrastructure and Multicloud reference architectures. |
| Cross-slide | Threat intelligence daily signals updated to 100+ trillion. |
MCRA structure
MCRA illustrates how Microsoft capabilities work together and includes:
- Antipatterns (common mistakes) and best practices.
- Threat trends and attack patterns.
- The importance of end-to-end security and ruthlessly security work prioritization.
- Guidance for successful Zero Trust end-to-end security adoption.
- Mapping Microsoft capabilities to Zero Trust standards and roles.
MCRA architecture diagrams cover:
- Microsoft cybersecurity capabilities
- Zero Trust user access
- Security operations (SecOps/SOC)
- Operational technology (OT)
- Multicloud and cross-platform capabilities
- Attack chain coverage
- Infrastructure and development security
- Security organizational functions
How do I use the MCRA?
You typically use the architectures as a:
- Starting template for a security architecture - Use MCRA architectures to define a target state for cybersecurity capabilities. It's useful because it covers capabilities across the modern enterprise estate that spans on-premises, mobile devices, multiple clouds, and OT/IoT Technology.
- Comparison reference for security capabilities - Compare Microsoft's recommendations with what you own and implement. Organizations often find they have technology they weren't aware of.
- Learning tool for Microsoft - In presentation mode, each capability has a "ScreenTip" with a short description of each capability, and a link to documentation to learn more.
- Learning tool for security integration - Architects and technical teams can identify and use integration points in Microsoft security capabilities and their existing capabilities.
- Learning tool for cybersecurity - For people new to cybersecurity, the resources provide a learning tool as they take their first steps.