In May 2019, Managed Sentinel released a diagram presenting a mapping of Azure Security services vs on-premises security controls. The cybersecurity community expressed an interest in having the same security controls mapped against the NIST Cybersecurity Framework functions: Identify, Detect, Protect, Respond and Recover.
The diagram below provides a high-level view of how various Azure security controls fall under NIST Cybersecurity Framework functions as well as the security data flows between them. The $ sign indicates that a control is a paid service. The shield icon identifies connectivity between the Azure security control and the Azure Sentinel SIEM through the built-in data connectors. Some services provide coverage for several NIST functions and they are shown either crossing two adjacent NIST functions or with a color-coded tag in the background.