Security, Compliance, Identity, and Management Roadmap

Microsoft Security Overview

The Microsoft Security chapter provides information about Microsoft 365 and Azure security-related services, including information about each service, and major changes expected to be made to these services. Most of these services fall under the Microsoft Defender XDR umbrella brand.

Legacy on-premises security-related products are included here for completeness, although they are in maintenance mode and receive few to no enhancements.

Security services within Microsoft 365 are designed to secure Windows and third-party OSs running on endpoints, and Microsoft 365 hosted services themselves, such as Office 365. 

Services described in this chapter include:

Security services within Azure are designed to secure VMs in Azure and on-premises, or in third-party clouds, as well as many cloud services in Azure, and select cloud services in third-party clouds.

Services described in this chapter include:

One legacy security product, Endpoint Protection, remains available from Microsoft and is still supported if kept up to date. Endpoint Protection is now updated once per year alongside the companion application Configuration Manager. Neither product receives significant enhancements, and regular updates, originally scheduled for three times per year, were reduced to twice a year several years ago and reduced to once per year beginning in 2026.

The Microsoft Compliance chapter provides information about Microsoft 365 and Azure regulatory- and legal-compliance-related services, including information about each service, and the major changes expected to be made to these services. Most of these services fall under the Microsoft Purview umbrella brand. Legacy on-premises security-related products are included here for completeness, although they are in maintenance mode and receive few to no enhancements.

As the repository for many, if not most, organizational documents, ranging from e-mails and Teams conversations to Word and Excel documents, Microsoft 365 can be subject to a wide range of compliance requirements. 

Compliance services within Microsoft 365 are designed to ensure that data and Microsoft 365 services are meeting the organization’s compliance requirements.

Services described in this chapter include:

Compliance services within Azure are designed to help ensure compliance objectives are met by data services in Azure, select third-party clouds, and select on-premises data applications. 

Services described in this chapter include Purview Data Governance.

The Microsoft Identity chapter provides information about Microsoft 365 and Azure identity-related services, including information about each service, and major changes expected to be made to these services. These services fall under the Microsoft Entra umbrella brand.

Legacy on-premises identity-related products are included here for completeness, although they are in maintenance mode and receive few to no enhancements.

Identity services within Microsoft 365 and Azure are designed to provide identity and access management (IAM) for Microsoft 365, other Microsoft-hosted applications, and applications and systems running in Azure. Newer Entra ID identity governance and life-cycle features focus on helping organizations onboard, manage, and offboard employee access to applications and systems, but most features require premium licenses for Entra ID Governance.

Services included in this chapter include Entra ID.

One legacy identity product, Identity Manager, remains available from Microsoft and is still supported if kept up to date, but rarely receives updates. The product received its most recent service pack in 2019 and most recent hotfix in 2023.

The Microsoft Management chapter provides information about Microsoft 365 and Azure systems management-related services, including information about each service and major changes expected to be made to these services.

Legacy on-premises security-related products are included here for completeness, although they’re in maintenance mode and receive few to no enhancements.

Management services within Microsoft 365 are designed to manage Windows and third-party OSs running on client endpoints. Supported platforms include current versions of Windows, macOS, iOS, iPadOS, Android, and a limited scope of management over a short list of popular Linux desktop distributions and ChromeOS.

No Microsoft 365–hosted service is intended for managing servers or other infrastructure.

Services described in this chapter include Intune.

Management services within Azure are designed to manage Windows Server and Linux VMs in Azure and on-premises, or in third-party clouds. Note that these services are the closest alternative Microsoft offers as a replacement for the System Center suite and Configuration Manager, which are both effectively in maintenance mode.

No Microsoft 365-hosted service is intended for managing servers.

Services described in this chapter include:

One legacy management product, Configuration Manager, remains available from Microsoft and is still supported if kept up to date. 

Configuration Manager is now updated once per year alongside the companion application Endpoint Protection. Neither product receives significant enhancements, and regular updates, originally scheduled for three times per year, were reduced to twice a year several years ago, and reduced to once per year beginning in 2026.

The System Center suite continues to receive new releases approximately every three years, with few new features in any of the management applications, and fixes largely limited to security updates and enhancements to improve the compatibility of the suite with newer versions of Windows Server, SQL Server, and Linux.