Microsoft Releases First Secure Future Initiative Report, Showcasing Key Security Enhancements

Published: Sep 23, 2024

Security


Key Takeaways:

  • Microsoft has implemented critical improvements across its products to bolster cybersecurity and reduce vulnerabilities.
  • The Secure Future Initiative emphasizes security as a top priority, linking it to leadership compensation and integrating it into employee performance reviews.
  • Microsoft established a Cybersecurity Governance Council and appointed deputy Chief Information Security Officers to oversee the initiative.

Microsoft this morning published its first Secure Future Initiative report. The company touted that it has made several key improvements to boost security across its products and services.

Microsoft launched its Secure Future Initiative (SFI) back in November 2023. This initiative is aimed at creating a coordinated effort within the company to enhance cybersecurity across all Microsoft products and services. In May, Microsoft announced a set of plans to enhance its cybersecurity practices.

The SFI is guided by three core principles: secure by design, secure by default, and secure operations. Moreover, Microsoft committed to prioritizing security by tying cybersecurity performance to the compensation of its Senior Leadership Team. Microsoft also plans to make security a core focus in the performance reviews for all employees.

The Secure Future Initiative (SFI) (Image Credit: Microsoft)

Microsoft’s progress across six key pillars of the Secure Future Initiative (SFI)

Microsoft highlighted today its progress across six key pillars that are meant to address weaknesses in Microsoft’s systems and development practices. Here is a list of the latest updates across those areas.

Microsoft has released a couple of updates for Entra ID and Microsoft Account (MSA) for public and US government clouds. These systems can now generate, store, and automatically rotate access token signing keys through the Azure Managed Hardware Security Module (HSM) service. Microsoft’s standard identity SDKs now support over 75 percent of the tokens issued by Microsoft Entra ID for its own applications.

“We completed enforcement of the use of phishing-resistant credentials in our production environments and implemented video-based user verification for 95% of Microsoft internal users in our productivity environments to eliminate password sharing during setup and recovery,” said Charlie Bell, Executive Vice President for Microsoft Security.

Microsoft has also eliminated 5.75 million inactive tenants to reduce attack surfaces. Moreover, the company has recorded more than 99 percent of physical assets on the production network in a central inventory system. Microsoft is also using centrally governed pipeline templates in 85 percent of the production build pipelines for its commercial cloud services.

Additionally, Microsoft has updated its audit logs to retain data for at least two years. The company also outlined its efforts to improve vulnerability response and remediation processes. Microsoft has established a Customer Security Management Office (CSMO) to engage with customers during security incidents.

Lastly, Microsoft announced today that it has created a new Cybersecurity Governance Council. The company has appointed 13 deputy Chief Information Security Officers responsible for leading its Secure Future Initiative. Microsoft also highlighted its commitment to achieving the SFI objectives. “By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation,” Bell added.
