Microsoft has released its second progress report on the Secure Future Initiative (SFI), described as the largest cybersecurity engineering project in the company’s history.
Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry.
Launched to address critical cybersecurity risks, SFI emphasizes a security-first culture across Microsoft’s workforce. Every employee now has a Security Core Priority tied to performance reviews, with 99% completing mandatory Security Foundations and Trust Code training.
Over 50,000 employees have also participated in the Microsoft Security Academy to enhance their cybersecurity expertise. “This shift is about empowerment,” Bell noted, underscoring the goal of equipping all staff to protect customers.
Innovations in Product Security
Microsoft’s engineering teams have rolled out significant innovations aligned with the “Secure by Design, Default, and in Operations” principles.
A standout is the Secure by Design UX Toolkit, tested by 20 product teams, deployed to 22,000 employees, and made publicly available. This toolkit embeds security best practices into product development, helping teams identify vulnerabilities and prioritize fixes.
Additionally, 11 new security features have been introduced across Azure, Microsoft 365, Windows, and Microsoft Security products to enhance default protections.
In AI development, Microsoft has implemented dedicated security and safety reviews under its Artificial Generative Intelligence Safety and Security Organization.
Secure operations practices, detailed in the Responsible AI Transparency Report, are now standard across AI systems. These efforts have also thwarted $4 billion in fraud attempts through new policies and detection models.
Strengthening Defenses Against Cyberthreats
The report highlights significant strides in protecting identities, networks, and systems. Following the 2023 Storm-0558 attack, Microsoft migrated Entra ID and Microsoft Account (MSA) token signing keys to hardware security modules (HSMs) and Azure confidential VMs, with automatic rotation and new defense-in-depth measures.
Over 90% of identity tokens for Microsoft apps now use a hardened identity Software Development Kit, and 92% of employee accounts employ phishing-resistant multifactor authentication.
Microsoft has also reduced lateral movement risks by transitioning 88% of resources to Azure Resource Manager, removing 6.3 million unused tenants, and restricting authentication for 4.4 million managed identities to specific network locations.
Network security has improved with 99% of assets inventoried and new features like Network Security Perimeter and DNS Security Extensions.
Microsoft’s ability to detect and respond to cyberthreats has grown, with over 200 new detections added for top tactics, techniques, and procedures, set to be integrated into Microsoft Defender.
The company now centrally tracks 97% of production infrastructure assets and enforces a two-year retention policy for security logs. Through its Zero Day Quest, Microsoft proactively identified 180 vulnerabilities in cloud and AI systems, expanding its mitigation program to cover more products and environments.
To manage enterprise-wide risk, Microsoft appointed a Deputy Chief Information Security Officer for Business Applications and consolidated security oversight for Microsoft 365 and other divisions.
All 14 Deputy CISOs have completed a risk inventory, creating a unified view of security priorities. This governance framework ensures security is embedded throughout the organization.
Measurable Progress Across All Objectives
Of SFI’s 28 objectives, five are nearing completion, and 11 have seen significant progress. The initiative has hardened Microsoft’s platforms, improved threat detection, and strengthened customer protections. “Our platforms and services are more secure than ever,” Bell stated, emphasizing SFI’s impact on both Microsoft and its customers.
Microsoft is also collaborating with the security research community and sharing tools like the Secure by Design UX Toolkit to elevate industry standards. The full SFI progress report, available now, details these advancements and Microsoft’s ongoing commitment to cybersecurity.




