Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems

Microsoft launched the Secure Future Initiative SFI in November 2023 to boost the company’s and its customers’ cybersecurity. By May 2024, based on industry feedback and Microsoft’s insights, the program expanded to focus on six key security areas. Look at Protect Identities and Secrets plus Protect Tenants and Isolate Production Systems.

Since the start of SFI, Microsoft has committed the equivalent of 34,000 full-time engineers to this effort, making it the largest cybersecurity engineering project ever. The September 2024 progress report highlights important updates and milestones, showing how SFI continues strengthening security for everyone.

Microsoft’s Secure Future Initiative (SFI) focuses on six key cybersecurity areas, or pillars, each addressing crucial security aspects. These key focus areas guide Microsoft’s ongoing work to improve security and keep up with new threats.

In this post, you will find all the critical details of the Microsoft Secure Future Initiative (SFI) Progress Report. It highlights essential updates and milestones since the initiative’s launch and showcases how SFI is advancing cybersecurity efforts across six key pillars.

Patch My PC

What is Microsoft Secure Future Initiative (SFI)?

Microsoft Secure Future Initiative SFI Progress Report Key Updates

It is a program to strengthen cybersecurity across all Microsoft operations areas. SFI aims to ensure a secure environment for Microsoft, its customers, and the broader community.

Microsoft Secure Future Initiative SFI

With these updates, we can easily safeguard the future of our customers and community. Security is now a top priority for everyone. Microsoft is taking big steps to prioritise security across the entire company.

Adaptiva

Microsoft created a Cybersecurity Governance Council led by its Chief Information Security Officer (CISO), Igor Tsyganskiy. The council includes new Deputy CISOs focusing on managing security risks, defending against cyber threats, and ensuring the company follows security rules.

  • Security is Everyone’s Responsibility—All Microsoft employees now include security in their job performance reviews.
  • Security Training for Everyone – Microsoft launched the Security Skilling Academy to provide security-related training for all employees.
  • Regular Leadership Reviews—Microsoft’s senior leaders check on security progress weekly and provide updates to their Board of Directors every three months.
Security Culture and Governance
Project Identities and Secrets
Project tenants and isolate production systems
Protect networks
Protect engineering systems
Monitor and detect threats
Accelerate response and remediation
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems – Table 1
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems - Fig.1 - Creds to MS
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems – Fig.1 – Creds to MS

Six Key Areas to Strengthen Cybersecurity

Microsoft is focusing on six key areas to strengthen cybersecurity across the company. These updates aim to keep Microsoft and its customers safer from cybersecurity threats.

Six Key Areas to Strengthen CybersecurityDetails
Protect Identities and SecretsMicrosoft improved how access tokens (used to verify identities) are managed by automating their generation, storage, and renewal using secure systems.

Increased the use of a standard tool for validating these tokens, covering 73% of tokens for Microsoft apps.

Improved security by enforcing phishing-resistant login methods and adding video-based user verification to stop password sharing.
Protect Tenants and Isolate Production SystemsMicrosoft cleaned up their systems by removing over 730,000 unused apps and 5.75 million inactive accounts to increase security.

Created secure testing environments with strict management rules and added 15,000 new secure devices to their network.
Protect Networks99% of Microsoft’s physical network devices are now tracked in a central system that monitors compliance and security.

Microsoft is also improving how customers can isolate their resources, such as Azure Storage and SQL, to improve security.
Protect Engineering SystemsMicrosoft shortened the lifespan of access tokens to seven days, disabled insecure access methods for internal systems, and reduced the number of people with higher access levels to engineering systems.
Monitor and Detect ThreatsMicrosoft ensured that all critical systems now produce security logs, which they will keep for at least two years.
Accelerate Response and RemediationMicrosoft improved their ability to fix cloud vulnerabilities faster.

They started publishing critical vulnerabilities even when no customer action is needed, increasing transparency.
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems – Table 2
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems - Fig.2 - Creds to MS
Microsoft Secure Future Initiative SFI Protect Identities and Secrets Protect Tenants and Isolate Production Systems – Fig.2 – Creds to MS

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Author

Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.