Our Partnership with Microsoft
Microsoft stands as a pivotal ally in Security Risk Advisors’ (SRA) commitment to enhancing the cybersecurity landscape. Our alliance is underpinned by a significant overlap in clientele, many of whom rely on the comprehensive Microsoft Defender Security Suite.
Microsoft Services
We can help to optimize configurations and delivery to business teams for the following Microsoft technologies:
Entra
Defender
Sentinel
Azure
Copilot
Purview
Foundry AI
Intune
DevOps
Power BI
Entra Services
Entra Identity
Conditional Access Policy Engineering
- Deploy a fail-closed architecture to protect an organization’s applications and data.
- Implement technical policies to govern user access through audit logging to limit operational disruption.
- Configure risk-based conditional access policies to dynamically enforce policy and establish processes to mitigate potential account compromises.
- Deploy a dynamic group strategy to structure temporary and permanent exception requests to facilitate periodic auditing, automate requests, track requests, and explicitly target exceptions to reduce the attack surface.
Entra Purple Teams
- Simulate industry threat actor techniques to identify and validate gaps in Entra configurations.
- Reduce the Entra attack surface.
Tenant Trust Engineering
- Increase operational efficiency by granting resource access to partners (AuthZ) instead of managing onboarding and offboarding accounts (AuthN).
- Develop Conditional Access Policies for guest users to enforce organizational policy while allowing for home tenant authentication and MFA.
- Efficiently remove resource access for external accounts.
Access Package Engineering
- Develop, tailor, and manage permissions to enhance security and improve operational efficiency for your roles.
Entra Assessments
Entra Identity Assessment
- Identify configurations that can introduce significant risk to tenant applications, resources, and data. Observations are often configurations that were set up for short-term mergers and acquisitions or new business needs, were then forgotten, and may be leveraged to compromise data.
Conditional Access Policy Assessment
- Perform a “What-If” analysis on the Entra tenant to build coverage metrics for Conditional Access policies.
- Identify gaps in advanced Conditional Access Policies to restrict data to “trusted” and “compliant” devices.
- Review Entra and Intune configurations to identify how organizational data is allowed on BYOD devices.
External Identity Assessment
- Review the configurations in Trust Center to identify settings that could allow employees to share data with third parties or third-party access applications.
Active Directory Migration Roadmap
- Develop a prioritized roadmap to reduce reliance on Active Directory and shift authentications to Entra.
- Streamline identity management by identifying opportunities to consolidate infrastructure, automate processes, and optimize costs while improving access control and reducing risks.
Entra Suite
Private Internet Access
- Configure Conditional Access Policies to apply to on-prem applications to consistently enforce policies.
- Reduce legacy on-prem authentications through Entra to restrict user authentications to Active Directory.
- Configure and send device network logs to a data lake for troubleshooting, investigation, and analysis.
- Remove legacy VPN requirements.
Public Internet Access
- Configure Conditional Access to any external designation, resource, or cloud application.
- Block connectivity to unauthorized categories, including public data storage sites and FQDNs, URLs, or IPs.
Identity Lifecycle
- Integrate HR systems to automate user provisioning.
- Implement periodic access reviews to ensure compliance with least privilege principles and regulatory requirements.
- Configure review policies for privileged users and entitlement assignments to semi-automate reporting.
Workload Identities
- Secure access, protect secrets, and manage the lifecycle of non-human identities that support containers, VMs, applications, services, mobile, IoT, and desktops.
Verified Identity
- Configure facial verification to reduce fraud and improve connectivity with business partners.
Defender Services
AV & EDR Deployment
Defender for Endpoint
- Deploy and configure advanced threat protection features across Windows, macOS, Linux, and mobile platforms.
- Integrate with Sentinel or your SIEM for centralized incident response and threat analytics.
Defender for Endpoint (Passive)
- Detect and remediate malicious activity missed by your primary AV & EDR tools as part of a defense in depth strategy.
- Collect system telemetry, track vulnerabilities, enable DLP, restrict external devices, enable cloud app discovery, and more.
Defender for Servers
- Deploy Defender for Servers to cloud-based and on-prem servers with integration into Microsoft Defender for Cloud.
- Configure threat detection policies tailored to server workloads and roles.
- Enable automated onboarding and policy enforcement across cloud server environments.
Defender Assessments
Purple Team EDR Bakeoff
- Simulate real-world attack scenarios to evaluate and compare the detection and response capabilities of Defender for Endpoint and the organization's current EDR tool.
EDR & AV Health Check
- Compare current system configurations against industry best practices by reviewing the current state of the EDR platform, including detection logic, asset coverage, and overall health. This ensures the platform is optimized for effective monitoring and response.
Advanced Engineering
Attack Surface Reduction Rule Tuning
- Review firewall security posture through configuration and rule analysis and provide recommendations or remediation support.
Advanced Feature Configuration
- Apply a structured approach to identify, analyze, and prioritize potential threats to an OT system, component, or application.
Server & Cloud Monitoring
Defender for Cloud
- Deploy and configure Defender for Cloud across Azure, AWS, and GCP environments to provide unified cloud security posture management.
- Enable threat protection for virtual machines, containers, databases, and other cloud-native resources.
- Set up regulatory compliance assessments and security recommendations aligned with frameworks like CIS, NIST, and ISO.
Defender for Identity
- Deploy Defender for Identity to your on-premises Active Directory infrastructure.
- Detect identity-based threats and suspicious activities like credential theft, lateral movement, and domain compromise.
- Provide actionable insights into compromised accounts and insider threat risks.
Defender for Cloud Apps
- Deploy Cloud App Discovery to identify shadow IT and unsanctioned app usage across the organization.
- Configure policies for app governance, data protection, and threat detection in SaaS environments.
- Integrate with Microsoft 365 and third-party apps for comprehensive cloud security posture management.
Azure Services
Azure Foundation
Azure Standards Development
- Create a security reference architecture document and standards documentation for approved cloud services which detail configuration requirements.
- Review current-state security requirements.
- Draft reference architecture and security standards based on current requirements, CIS benchmarks, cloud provider security guidance, and best practices.
- Obtain feedback and update based on org requirements.
Azure Purple Team
- Execute attack simulations while working with security operations teams in real-time to identify prevented attacks, detected attacks, and gaps.
- Execute all attack techniques within the cloud control plane across critical security services such as Log Analytics Workspaces along with customer facing services such as Azure VM.
- Use an assumed compromise approach to follow and test alerts on critical attacker actions in the network.
- Work with security operations team members to review successful preventions and detections.
Azure Assessments
Azure Configuration Assessment
- Assess Azure subscriptions for potential risks, such as publicly accessible resources, excessive network connectivity, over-provisioned access, and gaps in security controls.
- Evaluate current environment management practices, architecture and networking strategy, identity and access management procedures, and configuration management.
- Assess security configurations through a combination of open-source and custom scripts supplemented by manual review of the administrator console(s).
Azure Program Assessment
- Assess the Azure security program against industry best practices through stakeholder interview and policy documentation.
- Conduct interviews with cloud security program stakeholders across 7 key areas:
  - Cloud Governance
  - Architecture & Networking
  - Identity and Access Management
  - Pipeline and service hardening
  - Vulnerability management
  - Logging & monitoring
  - Incident response
Landing Zones
Landing Zone Assessment
- Assess an Azure landing zone configuration against Microsoft’s reference architecture and best practices.
- Evaluate security controls and processes including network architecture, Azure policy and deployment pipeline.
- Conduct interviews with cloud security program stakeholders. These interviews cover the 8 design areas from Microsoft’s reference architecture.
- Review cloud architecture, policy, and standards documentation.
- Review landing zone-adjacent platform configurations (e.g., firewalls, Zscaler).
Landing Zone Implementation
- Design and implement a landing zone architecture aligned with the Microsoft Cloud Adoption Framework.
- Build out the platform, including network and management design, pipeline configuration for automated deployments, and policy documentation and implementation.
- Establish landing zone operations and processes to enable landing zone adoption in the organization.
Purview Services
Data Classification & Discovery
Data Discovery Workshops
- Identify what data matters the most, and what it looks like in the M365 environment.
Labeling and Classification
- Use Purview’s Information Protection capability to create relevant sensitive information types, end-user labels, and auto-labeling policies to electronically tag data and enable downstream DLP policy.
Data Discovery Scans
- Conduct scans of your M365 tenant to find priority information assets and define remediation actions using Purview’s content explorer, activity explorer, or Data Security Posture Management (DSPM).
Credential Discovery
- Use sensitive information types to discover credentials stored in cleartext in M365 applications where cybersecurity leadership has greater policy enforcement authority.
- Proactively scan for secret types, including keys, to improve security and reduce potential unauthorized access.
Purview Services
Data Classification & Discovery
- Define your organization’s sensitive data and discover where it’s stored in the M365 ecosystem.
Purview Policy Engineering
- Create and tune Purview DLP, IRM, and Information Protection policies to protect your data.
Program Development
Data Protection Program
- Define your most important information assets, alerting and response workflows, and technology requirements.
- Shape your data protection program with a practical roadmap to implement Purview configurations and modules focused on your business’s most important information assets.
Copilot Readiness
- Enable Purview monitoring controls prior to Copilot deployment to remediate over-exposed data including salary information and intellectual property.
Purview Policy Engineering
DLP Policy Creation
- Create Purview Data Loss Prevention (DLP) policies scoped to the information assets and M365 applications to protect sensitive business data.
IRM Policy Creation
- Create Purview Insider Risk Management (IRM) policies to detect and prevent malicious activity in your M365 tenant by using advanced contextual information.
Policy and Alert Tuning
- Monitor the alerts generated by your DLP or IRM policies, analyze the fidelity of those alerts, and adjust thresholds to reduce false positives and elevate meaningful data loss events for further analysis.
Policy Operationalization
- Create specific incident response workflows for DLP or IRM alerts with detailed triage and investigation steps, a role-based access model, and escalation protocols.
- Define data protection metrics to measure the outcome of DLP efforts focusing on alerts detected, trends, and common departments triggering DLP events and policy effectiveness.
Foundry AI Services
Strategy, Planning & Assessments
Access Control, Authentication & Monitoring Program Design
- Define monitoring points and criteria for evaluating AI activity.
- Develop secure deployment criteria for models, datasets, and agent runtimes based on industry standard frameworks such as NIST AI RMF.
- Perform threat modeling of risks associated with new model and agent deployments.
- Recommend methodologies and techniques to monitor for critical security risks.
- Define integration techniques for SIEM monitoring and/or DLP monitoring with Purview, Sentinel, or other tools.
Red Team Testing
- Assess OWASP Top 10 mapped risks evaluated against current model pipelines, prompts, and tooling.
- Run simulated attacks to test prompt injection, over-permissioned agents, and data exfiltration through unauthorized users invoking privileged tools.
Solution Development
Secure Software Development Lifecycle
- Assist with defining enterprise architecture standards and best practices for secure agent execution and deployment.
- Establish testing routines and protocols for evaluating agent performance.
- Perform workshops to discuss common pitfalls and issues found in AI system deployments.
SOC Workflow Automation
- Augment SOAR workflows with agentic reasoning.
- Map into existing workflows for human-in-the-loop incident response processes.
- Connect agents and services with key data such as Sentinel, ADX, Key Vault, Azure AI Search (RAG), Azure Functions, Logic Apps MCP.
Intune Services
Intune Engineering
Configuration & Security Policies
- Design configuration policies for encryption, password standards, OS version, lockout, and other security settings.
- Configure endpoint security baselines (antivirus, firewall, Defender) to provide consistent protection.
- Create a rollout strategy to provide comprehensive and scalable targeting.
Compliance Policies
- Define and implement compliance rules for configuration and security policies.
- Integrate with Conditional Access Policies for identity-driven security enforcement.
Mobile Device Management
- Define and implement device and app protection policies for enterprise-owned assets and managed BYOD devices, including encryption, screen lock, OS version, and app-level protections.
- Integrate with Conditional Access Policies to enforce compliance before granting access to organizational resources.
- Configure Mobile Application Management (MAM) policies to protect corporate data within applications on unenrolled or unmanaged BYOD devices.
Intune Assessments
Deployment Optimization
- Review existing Intune deployment for alignment with best practices.
- Assess organizational personas, device configurations (managed and unmanaged), compliance policies, and Conditional Access enforcement for enrolled and BYOD devices.
- Create a tailored report with actionable observations and recommendations to enhance the deployment.
- Develop a high-level roadmap to guide implementation of recommended improvements.
Intune/Intune Suite Proof-of-Concept Deployment
- Deploy a proof-of-concept Intune environment within your Microsoft tenant.
- Identify core and extended use cases for Intune and the Intune Suite.
- Assess compatibility with use cases, existing toolsets, and organizational capabilities.
- Develop a high-level implementation roadmap to guide future deployment and adoption.
Intune Suite Engineering
Endpoint Privilege Management
- Identify devices and accounts with elevated privileges through auditing and policy review.
- Configure just-in-time local admin rights for approved tasks to reduce risk exposure.
- Mitigate security risks from standing admin privileges while enabling patching and software installation workflows.
Advanced Endpoint Analytics
- Collect detailed endpoint telemetry and performance data across managed devices.
- Analyze insights via Intune dashboards or Microsoft Graph APIs to identify trends, anomalies, and potential issues proactively.
- Integrate optionally with Azure Data Explorer (ADX) for custom queries, dashboards, and advanced reporting.
Endpoint Application Management
- Catalog and manage standard, line-of-business, and custom applications.
- Deploy applications with automated updates and patching strategies.
- Maintain a centralized company portal for simplified app discovery, installation, and updates.
DevOps Services
Development Workflow & Repository Security
Development Process Analysis
- Map standard workflows, application lifecycles, and identify potential security gaps in development procedures.
Repository Configuration Review
- Analyze organizational and individual repository settings, access controls, and compliance configurations.
Source Code Security
- Identify hardcoded credentials, insecure coding practices, and unauthorized access patterns within repositories.
CI/CD Pipeline Security
Pipeline Configuration Analysis
- Review CI/CD pipeline definitions for security misconfigurations and vulnerability injection points.
Authentication & Authorization
- Assess OpenID Connect (OIDC) implementations, token handling, and identity enforcement.
Third-Party Integration Security
- Evaluate security of external services, tools, and dependencies integrated into pipelines.
Automated Security Testing
- Deploy tools to identify configuration issues and potential attack vectors.
Build Environment Infrastructure Security
Infrastructure Hardening Assessment
- Evaluate security configurations of build servers, runners, and execution environments.
Container Security Analysis
- Assess container images, runtime security, and potential escape vulnerabilities.
Network Isolation Review
- Analyze network segmentation, access controls, and communication security between build components.
Secrets Management Evaluation
- Review how sensitive data is stored, accessed, and managed within build environments.
Microsoft Solutions Partner
Being part of MISA allows us to influence the future of Microsoft Security solutions and ensures that our clients benefit from the latest advancements in cybersecurity. Our clients can feel assured because of our:
- Enhanced Security: Our clients can feel confident knowing that we are at the forefront of cybersecurity innovation, working closely with Microsoft to develop and deliver the best security solutions.
- Direct Influence: As a MISA member, we provide feedback and influence the development of Microsoft Security products like Microsoft Defender and Sentinel, as well as the ability to see the Microsoft Security roadmap. This ensures that we are informed about the latest developments and can collaborate with Microsoft product teams to shape the roadmap. Due to this, our clients benefit from solutions that are continuously improved and tailored to meet their needs.
- Trusted Partnership: Our membership in MISA is a recognition of our commitment to excellence and our ability to deliver high-quality security services. Clients can trust that we are a reliable partner, dedicated to protecting their digital assets.

SRA has demonstrated its broad capability to help customers safeguard their entire organization with integrated security, compliance, and identity solutions.

SRA has demonstrated its broad capability to help customers accelerate migration of key infrastructure workloads to Azure.

SRA has demonstrated its broad capability to help customers manage and govern their data across multiple systems to build analytics and AI solutions.

SRA has demonstrated its broad capability to help customers boost their productivity and make the shift to hybrid work using Microsoft 365.
Microsoft ECIF Program
Implement Microsoft Solutions with Microsoft Funding Assistance
Security Risk Advisors is a Microsoft Solutions Partner, and we are privileged to have access to funding for our customers. With SRA’s assistance, you can apply for ECIF (End Customer Investment Funds), which means that Microsoft will contribute to the cost of deploying and optimizing certain security products in your production environment.
The End Customer Investment Funds (ECIF) program allows Microsoft to set aside funding in their fiscal budgets to pay for services to end customers in support of Microsoft products and solutions. This is typically between 10% – 20% of the expected revenue for their product as outlined in the Statement of Work (SOW).
ECIF is Microsoft’s way of ensuring their customers are successful and get value from their products. ECIF may be used for a POC and product deployment or migration from a competitor’s product.