Microsoft launched the Secure Future Initiative (SFI) in November 2023 to boost the company’s and its customers’ cybersecurity. By May 2024, based on industry feedback and Microsoft’s insights, the program expanded to focus on six key security areas, including Protect Identities and Secrets and Protect Tenants and Isolate Production Systems.
Since the start of SFI, Microsoft has committed the equivalent of 34,000 full-time engineers to this effort, making it the largest cybersecurity engineering project ever. The September 2024 progress report highlights important updates and milestones, showing how SFI continues strengthening security for everyone.
Microsoft’s Secure Future Initiative (SFI) focuses on six key cybersecurity areas, or pillars, each addressing crucial security aspects. These key focus areas guide Microsoft’s ongoing work to improve security and keep up with new threats.
In this post, you will find all the critical details of the Microsoft Secure Future Initiative (SFI) Progress Report. It highlights essential updates and milestones since the initiative’s launch and showcases how SFI is advancing cybersecurity efforts across six key pillars.
What is Microsoft Secure Future Initiative (SFI)?
It is a program to strengthen cybersecurity across all areas of Microsoft’s operations. SFI aims to ensure a secure environment for Microsoft, its customers, and the broader community.
Microsoft Secure Future Initiative (SFI)
With these updates, we can easily safeguard the future of our customers and community. Security is now a top priority for everyone. Microsoft is taking big steps to prioritise security across the entire company.
Microsoft created a Cybersecurity Governance Council led by its Chief Information Security Officer (CISO), Igor Tsyganskiy. The council includes new Deputy CISOs focusing on managing security risks, defending against cyber threats, and ensuring the company follows security rules.
- Security is Everyone’s Responsibility – All Microsoft employees now include security in their job performance reviews.
- Security Training for Everyone – Microsoft launched the Security Skilling Academy to provide security-related training for all employees.
- Regular Leadership Reviews – Microsoft’s senior leaders check on security progress weekly and provide updates to their Board of Directors every three months.
Security Culture and Governance |
---|
Protect identities and secrets |
Protect tenants and isolate production systems |
Protect networks |
Protect engineering systems |
Monitor and detect threats |
Accelerate response and remediation |
Six Key Areas to Strengthen Cybersecurity
Microsoft is focusing on six key areas to strengthen cybersecurity across the company. These updates aim to keep Microsoft and its customers safer from cybersecurity threats.
Six Key Areas to Strengthen Cybersecurity | Details |
---|---|
Protect Identities and Secrets | Microsoft improved how access tokens (used to verify identities) are managed by automating their generation, storage, and renewal using secure systems. Increased the use of a standard tool for validating these tokens, covering 73% of tokens for Microsoft apps. Improved security by enforcing phishing-resistant login methods and adding video-based user verification to stop password sharing. |
Protect Tenants and Isolate Production Systems | Microsoft cleaned up their systems by removing over 730,000 unused apps and 5.75 million inactive accounts to increase security. Created secure testing environments with strict management rules and added 15,000 new secure devices to their network. |
Protect Networks | 99% of Microsoft’s physical network devices are now tracked in a central system that monitors compliance and security. Microsoft is also improving how customers can isolate their resources, such as Azure Storage and SQL, to improve security. |
Protect Engineering Systems | Microsoft shortened the lifespan of access tokens to seven days, disabled insecure access methods for internal systems, and reduced the number of people with higher access levels to engineering systems. |
Monitor and Detect Threats | Microsoft ensured that all critical systems now produce security logs, which they will keep for at least two years. |
Accelerate Response and Remediation | Microsoft improved their ability to fix cloud vulnerabilities faster. They started publishing critical vulnerabilities even when no customer action is needed, increasing transparency. |
Author
Anoop C Nair has been a Microsoft MVP from 2015 onwards, for 10 consecutive years. He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.