Microsoft Announces Major Security Advancements
Microsoft has announced significant security enhancements across its product portfolio and practices as part of its Secure Future Initiative (SFI), described as the largest engineering project in company history. The latest SFI progress report highlights security improvements across 28 key objectives, including stronger identity protections, expanded threat detection capabilities, and enhanced default security features throughout Microsoft’s product lineup.
According to Microsoft, the effort is equivalent to 34,000 engineers working full-time over 11 months. Microsoft Executive Vice President Charlie Bell stated that the initiative focuses on building security into every layer of the company’s operations and responding rapidly to threats. “We have made progress across culture and governance by fostering a security-first mindset in every employee and investing in holistic governance structures to address cybersecurity risk across our enterprise,” Bell said in a blog post.
Strengthening Identity and Threat Detection
The company reported progress in hardening identity infrastructure, with about 90% of Microsoft Entra ID tokens now validated using a unified and secure software development kit. Following the 2023 Storm-0558 breach, Microsoft migrated token signing keys to hardware security modules and Azure confidential virtual machines to minimize the risk of forgery or key compromise. Additionally, Microsoft introduced over 200 new threat detections focused on adversary tactics, techniques, and procedures, many of which will be added to Microsoft Defender.
Advancing Culture and Governance
As part of a company-wide cultural shift, Microsoft now requires every employee to define a Security Core Priority during performance reviews. More than 50,000 employees have participated in its Security Academy training program, and 99% have completed Trust Code compliance training. Microsoft has also enhanced its cybersecurity leadership by appointing deputy chief information security officers across key business areas and completing a full risk inventory. Progress on SFI objectives is reviewed biweekly by Microsoft’s senior leadership team and quarterly by its board of directors.
Secure by Design and Default
Microsoft unveiled a new Secure by Design UX Toolkit, developed and tested by 20 internal product teams and now in use by 22,000 employees. The publicly available toolkit helps teams create more secure user interfaces by embedding best practices directly into the product design lifecycle. Eleven new security features have been launched across Microsoft 365, Azure, Windows, and Microsoft Security, including enforced multifactor authentication (MFA) for all Azure Portal and Entra ID administrator sign-ins.
Security at Scale
The report outlines Microsoft’s progress toward ‘zero trust’ principles, with many security improvements automated at scale. Over 6.3 million legacy or unused Microsoft tenants were removed, and 88% of cloud resources have been migrated to Azure Resource Manager. Microsoft implemented identity isolation protocols and network segmentation to mitigate lateral movement attacks and deployed 98,000 hardened devices for accessing sensitive production environments.
Bell emphasized that cybersecurity progress is a continuous process shaped by evolving threats and technological change. “SFI is how we’re rising to that challenge,” he wrote. Microsoft continues to participate in global security efforts, including the CISA Secure by Design pledge and the intergovernmental Pall Mall Process aimed at curbing the misuse of commercial intrusion tools.
