Products & Technologies
Technology expertise for architecture, operations and security
The following technologies form the operational foundation of many Microsoft environments. We do not assess these building blocks in isolation, but in the interplay of architecture, permissions, operations, security and evidence. This creates a robust decision basis for modernization, hardening and stable long-term operations.
Active Directory
Active Directory (AD) is a database and a set of services that connect users to the network resources they need for their work. The database (or directory) contains important information about your environment, such as which users and computers exist and who is allowed to do what.
Azure
The Azure cloud platform includes more than 200 products and cloud services designed to help you build new solutions. It enables you to address current challenges and prepare for the future. You can develop, run and manage applications across multiple clouds, on-premises or at the edge using the tools and frameworks of your choice.
Exchange
Work efficiently with business email and calendars. Exchange supports collaboration on important documents, places urgent emails in a focused inbox, and adapts to your personal work style so you can get more done in less time.
Intune
Microsoft Intune is a cloud-based endpoint management solution. It manages user access to company resources and simplifies app and device management across your device estate, including mobile devices, desktop computers and virtual endpoints.
Microsoft 365
Help your teams achieve better business outcomes with Microsoft 365, and extend it with Microsoft 365 Copilot, your AI assistant for work.
Microsoft Entra ID (formerly Azure Active Directory)
Microsoft Entra ID is a cloud-based identity and access management service that your employees can use to access external resources.
SharePoint
Achieve your AI goals with a secure enterprise-grade content management and collaboration platform.
SQL Server
Get the flexibility you need to use integrated solutions and apps with your data—in the cloud, on-premises or on edge devices. SQL Server 2022 is the strongest Azure-compatible version to date, with further innovation in performance, security and availability.
Microsoft Configuration Manager (formerly System Center Configuration Manager)
Take control of your data flood. System Center improves agility and performance by optimizing the deployment, configuration, management and monitoring of your infrastructure and your virtualized software-defined datacenter.
Teams
Transform the way you work with next-generation AI capabilities that connect your physical and digital worlds. Communicate with customers via video, chat and phone using a cost-effective all-in-one solution.
Microsoft Defender (XDR‑Suite)
Protection and detection for endpoints, identity, M365 and cloud workloads.
Microsoft Sentinel
Cloud SIEM/SOAR. Central node for audit trail, detection use cases and response.
Hybrid Bridges
Entra Connect / Cloud Sync
Identity synchronization between AD DS and Entra. Critical: privilege boundaries and secure service accounts.
- ✓Staging mode, high availability, change control
- ✓Justify break-glass accounts and CA exceptions clearly
- ✓Monitoring and security events in Sentinel
Azure Arc
Consistent governance and security controls for servers and Kubernetes outside Azure.
- ✓Policy‑Assignment, Guest Configuration, Inventory
- ✓Defender for Cloud for hybrid workloads
- ✓Standardized tags/resource models
Product Architecture at a Glance
| Domain | Primary Microsoft components | Typical integration points | Operational evidence |
|---|---|---|---|
| Identity & Access | Entra ID, Conditional Access, PIM, Access Reviews | SSO to SaaS/LOB, Entra Connect, app consent governance | CA policy export, sign-in logs, PIM audit logs |
| Client & Endpoint | Intune, Autopatch, Defender for Endpoint | Compliance signals → Conditional Access, baselines, device inventory | Compliance Reports, Baseline Drift, MDE Coverage/Alerts |
| Platform & Governance | Azure landing zones, RBAC, Policy, Key Vault | IaC Pipelines, Subscription Factory, Network/Connectivity | Policy Compliance, Role Assignments, Change/Approval Records |
| Security & SOC | Defender XDR, Sentinel, Defender for Cloud | Log source list, use-case catalog, SOAR automation | Incidents/playbooks, analytics rules, workbooks/trends |
| Data & Compliance | Purview (MIP/DLP/eDiscovery), Audit, Retention | Labels in M365/apps, DLP signals in SOC, records management | Label/DLP policy export, audit search, case logs |
Selection Criteria
- ✓Evidence objectiveWhich controls must be evidenced regularly (audit, customer, regulator)?
- ✓Role modelWho is allowed to do what? (PIM/JIT, tiering, delegation, service accounts)
- ✓Operational readinessPatch process, monitoring, incident handling, backup/restore tests.
- ✓Hybrid complexityOn-prem dependencies (AD, PKI, legacy apps) must be modeled explicitly.
Architecture Variants
- ✓Cloud-onlymaximum standardization, high automation, low operational variance.
- ✓Hybridcentral controls, but additional failure and attack paths (two worlds).
- ✓On‑Prem dominantstabilization of AD/server operations, cloud for security/observability as a booster.
What would you like to do next?
XELANED specialists are available at any time to support your next steps. Together, we prioritize topics, clarify dependencies and choose an approach that fits your environment both technically and organizationally.
Project Planning
We discuss scope and dependencies and create a robust implementation plan.