So how Microsoft Secure Future Initiative going ? Let’s make this an engaging title.

  • Reading time:3 mins read
  • Post category:AntivirusDon
  • Post comments:0 Comments
You are currently viewing So how Microsoft Secure Future Initiative going ? 


Let’s make this an engaging title.
Representation image: This image is an artistic interpretation related to the article theme.

Microsoft took a victory lap today, touting the 34,000 full-time engineers it has dedicated to its Secure Future Initiative (SFI) since it launched almost a year ago and making public its first progress report on efforts to improve security in its products and services. As Register readers likely remember, SFI was rolled out in November 2023 following widespread criticism of Microsoft’s security failings – the most recent (at the time) being Chinese spies compromising tens of thousands of Microsoft-hosted email accounts belonging to government officials. That was before it came to light that Kremlin spies broke into Microsoft’s network and stole source code via an account that didn’t have multi-factor authentication (MFA) enabled.

The company’s response was swift and decisive. Microsoft immediately launched a series of initiatives aimed at strengthening its security posture, including a new SFI program, enhanced security controls, and improved incident response capabilities. Microsoft’s SFI program, launched in 2019, is designed to proactively identify and mitigate potential security threats.

* **Employee privacy:** Employees have a right to privacy, and their reviews should not be publicly accessible without their consent. * **Reputation management:** Publicly available employee reviews can impact an organization’s reputation, both positively and negatively.

Protect identities and secrets: Microsoft Entra ID and Microsoft Account (MSA) for public and US government clouds will now generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service. Plus, Redmond’s standard identity SDKs, used to validate security tokens, now cover more than 73 percent of those issued by Microsoft Entra ID for Microsoft-owned applications. Additionally, Microsoft production environments now use so-called “phishing resistant” credentials, and 95 percent of internal users have been set up on video-based user verification in productivity environments to ensure they’re not sharing passwords. Protect tenants and isolate production systems: Microsoft killed off 730,000 unused apps and eliminated 5.75 million inactive tenants. It also claims to have “deployed over 15,000 new production-ready locked-down devices in the last three months.” Protect networks: Redmond says it has recorded more than 99 percent of physical assets on the production network in a central inventory system, and isolated virtual networks with back-end connectivity from the corporate network. Protect engineering systems: We’re told that 85 percent of Microsoft’s production build pipelines for its commercial cloud now use centrally governed pipeline templates. Monitor and detect threats: “Significant progress” has been made to adopt standard libraries for security audit logs across all production environments. This includes central management, and a two-year log retention period. More than 99 percent of network devices now have centralized security log collection and retention. Accelerate response and remediation: Microsoft says it updated processes that have improved mitigation time for critical cloud vulnerabilities and set up a Customer Security Management Office (CSMO) for customer engagement during security incidents. Plus, “we began publishing critical cloud vulnerabilities as common vulnerabilities and exposures (CVEs), even if no customer action is required, to improve transparency,” Redmond crowed, although we imagine some bug hunters might see room for improvement around CVEs and transparency.

* **SFI** stands for **Security First Initiative**. * **Redmond** is the CEO of Microsoft. * **Cybersecurity Governance Council** is a new initiative under SFI. * **Deputy Chief Information Security Officers (deputy CISOs)** are appointed to lead the implementation of SFI.

* **The importance of proactive measures:** The summary states that Microsoft needs to take proactive measures to protect its users. This is crucial because reactive measures are often insufficient in the face of sophisticated cyberattacks. * **Concrete examples:** Providing specific examples of proactive measures, such as advanced threat detection systems, security awareness training, and robust incident response plans, would strengthen the argument.

Leave a Reply