Technical Architecture Documentation

Network Topology

Current State (CrowdStrike)

Network diagram showing existing security infrastructure

Future State (Microsoft Defender)

Network diagram showing target architecture

Data Flow Architecture

Security Telemetry Flow

  • Endpoint Data Collection
  • Network Traffic Analysis
  • Cloud Workload Protection
  • Threat Intelligence Integration

API Integration Points

  • Microsoft Graph Security API
  • Azure Security Center API
  • Log Analytics Workspace
  • Azure Monitor

Network Security Configuration

Firewall Rules

  • Allow Defender cloud service URLs
  • Update CrowdStrike exception rules
  • Configure proxy settings

Network Security Groups

  • Azure NSG configurations
  • Subnet-level security
  • Service tag updates

Integration Architecture

SIEM Integration

  • Data Connector Configuration
  • Log Format Mapping
  • Alert Integration
  • Custom Query Migration

Identity Management

  • Azure AD Integration
  • Role-Based Access Control
  • Conditional Access Policies

Automation & Orchestration

  • Logic Apps Integration
  • Azure Automation Runbooks
  • Custom Playbooks Migration