Microsoft Security Blog: Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

Apr 21, 2025

—

Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/21/securing-our-future-april-2025-progress-report-on-microsofts-secure-future-initiative/
Source: Microsoft Security Blog
Title: Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

Feedly Summary: The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI progress report, which highlights progress made in our multi-year journey to improve the security posture of Microsoft, our customers, and the industry at large.
The post Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog.

AI Summary and Description: Yes

Summary: The Microsoft Secure Future Initiative (SFI) is a massive undertaking aimed at improving cybersecurity across Microsoft and its ecosystem. This report indicates significant advancements in the company’s security architecture, culture, and governance, aligning with modern security principles, including Zero Trust. It introduces innovative tools and practices while enhancing risk visibility and operational effectiveness.

Detailed Description:

The Microsoft Secure Future Initiative (SFI) represents a historic endeavor in cybersecurity, with substantial investment and commitment aimed at mitigating security risks and enhancing the security posture across Microsoft, its customers, and the broader technology landscape.

Key Aspects Highlighted in the SFI Report:

– **Overall Commitment**:
– The scale of SFI involves the equivalent effort of 34,000 engineers working full-time for 11 months.
– Focus on fostering a security-first culture among employees, influencing every aspect of operations and governance.

– **Innovation in Security Tools**:
– Development of the **Secure by Design UX Toolkit**, which integrates security best practices into product development. This toolkit has been tested across 20 product teams and rolled out to 22,000 employees and is publicly available.
– Creation of 11 new innovations across various Microsoft platforms to enhance security by default.

– **Proactive Cyber Defense**:
– Significant updates to Microsoft Entra ID and MSA token signing processes, including the use of hardware-based security modules (HSMs) and migration to Azure confidential VMs.
– Enhanced detection and response capabilities with over 200 additional detections integrated into Microsoft Defender.

– **Zero Trust Framework**:
– Commitment to Zero Trust principles is reinforced throughout the initiative, ensuring that security is embedded from the engineering core to operations.

– **Risk Management Improvements**:
– A reinforced governance structure to deepen risk visibility and accountability, including the appointment of a Deputy Chief Information Security Officer (CISO) specifically for Business Applications.
– Completed risk inventories and prioritized approaches to manage security risk across various departments.

– **Measurable Progress across Objectives**:
– Advancements have been made across all pillars, including improved identity security (with 92% of user accounts employing phishing-resistant MFA) and isolation of production systems to mitigate lateral movement risks.
– Introduction of network security innovations like DNSSEC and Network Security Perimeter (NSP) to better protect Microsoft and customer networks.

– **Collaboration and Community Engagement**:
– Increased collaboration with the security research community to identify vulnerabilities in AI and cloud environments.
– Support for initiatives such as the CISA Secure by Design pledge, emphasizing a collaborative approach to security challenges.

The report concludes with a commitment to continue evolving Microsoft’s security posture, engaging not only with customers but also across the broader industry, recognizing that cybersecurity efforts must be a collaborative undertaking to be effective.

This progress not only enhances the resilience of Microsoft but also reflects broader trends in cybersecurity aimed at fostering safer environments in response to ever-evolving threats. The initiative underscores the importance of embedding security deeply within the operational fabric of organizations, particularly in AI and cloud domains.

1 2 2025 3 4 5 5 Pro a account accountability Act advancement advancements AGI AI and anti app Application applications Arch architecture art as Azure based based security Best best practices business business applications by C capabilities challenges Chief Information Security Officer CI CISA CISO Cloud cloud environment cloud environments co Col collaboration collaborative collaborative approach commit community community engagement core creation cross culture Customer cyber cyber defense cybersecurit Cybersecurity cybersecurity efforts cybersecurity engineering D de deep Defender defense design detection development DNS domain domains e ecosystem edge effective effectiveness end engagement Engineer engineering engineers Entra environment evolving threats fault first for framework full future g Go governance governance structure H hardware hardware-based security high Highlight HR http HTTPS identity identity security in industry information information security initiatives innovation innovation in security Innovations innovative tools investment Iron IRS isolation ite J k Key l Labor land large lateral movement led Li made man management mass MFA Micro Microsoft Microsoft Defender Microsoft Entra Microsoft Secure Microsoft Security Microsoft Security Blog migration Mode Modern modern security multi N network network security networks no o of off on only operation operational effectiveness operations OPM organization organizations ory out over phi phishing platform platforms point post pre principles proactive process processes product product development production production systems Progress project public Q R rate RCE red report research research community resilience resistant response response capabilities Risk risk management risk visibility risks Ro RoT Rust s safe Scale search sec secure secure by design Secure Future Initiative security security architecture security best practices security challenges security efforts security engineering security innovations security posture Security Research security risk security risks security tool security tools SHA sharing Sig source specific SSE support system systems T taking team Teams tech technology technology landscape test the threat threats Time to token tool toolkit tools Tor TP trends trust trust principles two UI under up update updates US use user V val visibility vm vulnerabilities Ware Wi x zero Zero Trust