Microsoft Secure Future Initiative: Building a safer digital ecosystem

Jonas Bøgvad

In November 2023, Microsoft launched the Secure Future Initiative (SFI) to address the growing threat of cyberattacks, and it was mentioned at Microsoft Ignite 2024. It’s not just another program; it’s a company-wide shift to make security the foundation of everything Microsoft does. I wrote this blog post when I saw the Microsoft SFI report, September 2024.

This started as simple notes, but I thought, why not turn it into a blog post and share it with you all?

In just one year, SFI has delivered impressive results, transforming how Microsoft protects itself, its customers, and the broader digital ecosystem. But it’s not just about Microsoft. Businesses of all sizes can look to SFI for inspiration and ideas to improve their own security strategies.

A Security-First Culture

One of the standout changes is how Microsoft has embedded security into its everyday operations. This is something any business can aim to do, even on a smaller scale.

  • Resource Commitment: Microsoft has dedicated 34,000 engineers to security tasks, making this the largest cybersecurity effort in history.
    ℹ️Inspiration: Consider assigning dedicated resources to your security efforts, whether it’s a specific team or allocating more hours to focus on reducing risks.
  • Measuring Success: Security is now part of employee reviews, and senior leadership compensation is tied to meeting SFI goals.
    ℹ️Inspiration: Make security part of your team’s goals, tying success to measurable outcomes like reducing vulnerabilities or improving response times.
  • Training for Everyone: The new Security Skilling Academy trains all employees on how their work impacts security, empowering everyone to play a role.
    ℹ️Inspiration: Invest in ongoing training for your employees, helping them understand their part in keeping your systems and data safe.

Clear Leadership and Accountability

Microsoft’s governance changes could inspire businesses to rethink how they oversee security:

  • A Cybersecurity Governance Council oversees risk, compliance, and defense strategies.
    ℹ️Inspiration: Even small businesses can create clear accountability by assigning roles and responsibilities for security.
  • Weekly progress updates and quarterly reviews by the Board of Directors ensure security stays front and center.
    ℹ️Inspiration: Set regular meetings to review your security goals and make adjustments as needed.

Six Key Focus Areas for Security

Microsoft’s progress highlights practical steps businesses can take to improve their security posture.

  1. Protecting Identities
    1. Microsoft ensures 73% of Entra ID tokens are secured with hardware protection and uses phishing-resistant credentials for employees.
      ℹ️Inspiration: Implement modern identity solutions like passwordless logins to reduce risks.
  2. Reducing Risks from Inactive Systems
    1. By removing 730,000 unused apps and 5.75 million inactive tenants, Microsoft shrank its attack surface significantly.
      ℹ️Inspiration: Audit your systems regularly to find unused accounts, apps, or data that could become vulnerabilities.
  3. Securing Engineering Processes
    1. Microsoft ensures 85% of its production pipelines follow secure, standardized templates, reducing risks during deployments.
      ℹ️Inspiration: Standardize your processes to avoid inconsistent security practices, especially for updates or deployments.
  4. Strengthening Networks
    1. Over 99% of devices on Microsoft’s production network now write security logs to improve monitoring.
      ℹ️Inspiration: Strengthen network visibility with tools that help you track and respond to potential threats.
  5. Monitoring for Threats
    1. Microsoft adopted a two-year log retention policy and built advanced detection systems to identify unusual behavior.
      ℹ️Inspiration: Invest in tools for logging and monitoring to improve your ability to detect and respond to attacks.
  6. Faster Responses and Better Communication
    1. Microsoft now publishes Common Vulnerabilities and Exposures (CVEs) for transparency and established a Customer Security Management Office for better incident communication.
      ℹ️Inspiration: Build a response plan for security incidents and ensure clear communication channels are in place for your team and customers.

Lessons for Businesses

Microsoft’s Secure Future Initiative shows what’s possible when an organization commits to making security a top priority. While most businesses won’t have Microsoft-sized resources, there’s a lot to learn and apply at any scale:

Don't invest in any third-party products before the Microsoft opportunities are fully implemented.

  1. Start with Culture: Make security part of everyone’s role, from executives to employees.
  2. Simplify and Standardize: Create clear processes for managing risks, monitoring systems, and responding to incidents.
  3. Invest in Visibility: Use tools that help you understand and track your systems to catch threats before they cause harm.

Moving Forward

The Secure Future Initiative isn’t just about what Microsoft is doing; it’s a roadmap for all businesses navigating today’s cybersecurity challenges. By adopting even a few of these ideas, organizations can take meaningful steps to protect their systems, data, and people.

Resources

Secure Future Initiative | Microsoft
Explore secure-by-design security features and capabilities from Microsoft that help protect critical resources and data on Microsoft platforms.

https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_September_2024_progress_report.pdf

Prioritizing security above all else - The Official Microsoft Blog
Microsoft runs on trust, and our success depends on earning and maintaining it. We have a unique opportunity and responsibility to build the most secure and trusted platform that the world innovates upon.