Microsoft Announces Security Updates as Part of Secure Future Initiative

Microsoft has announced a handful of new security tools and updates, which the company said adhere to its Secure Future Initiative, a set of three core tenets emphasizing "secure by design, secure by default and secure operations."

Protecting your data and ensuring the integrity of your systems is paramount," wrote David Weston, vice president of Enterprise and OS Security at Microsoft, in an Ignite blog post. "From chip to cloud, Microsoft provides multiple layers of security to help protect identities and data, and enables an expansive ecosystem for innovation at a critical time. As the security landscape evolves, we continuously enhance Windows' security and resilience, ensuring it remains a secure platform for our partners, developers and customers. A strong security posture is essential for your business, and a shared responsibility across our ecosystem."

Security Exposure Management Launch

Microsoft has launched Security Exposure Management, a solution designed to help organizations assess and reduce threat exposure. Now generally available to Microsoft Security customers, the tool offers a unified view of an organization's attack surface by consolidating data across devices, identities, applications and hybrid environments.

The platform automates attack path assessments to critical assets and provides prioritized recommendations to strengthen security. It integrates with tools like Microsoft Defender XDR and Security Copilot, offering a seamless pre- and post-breach SecOps experience.

Key features include Attack Surface Management for asset discovery, Attack Path Analysis for risk assessment, and Unified Exposure Insights to align security initiatives with business goals. The solution supports continuous threat exposure management, enabling organizations to proactively monitor, measure, and remediate cyber risks.

Bolstered Windows 11 Security

Microsoft outlined key changes coming to Windows 11 and a new initiative focused on further protecting Windows 11 users. Called the Windows Resiliency Initative, Microsoft said it will aim to harden Windows 11 through the following four areas:

  • Strengthen reliability based on learnings from the incident we saw in July.
  • Enabling more apps and users to run without admin privileges.
  • Stronger controls for what apps and drivers are allowed to run.
  • Improved identity protection to prevent phishing attacks.

Microsoft has unveiled new Windows 11 security features that fall into the company's new Windows Resiliency Initiative. These updates, now in preview, aim to bolster protection for commercial customers.

  • Administrator Protection addresses the risks of running apps with elevated privileges, a major source of security incidents. Instead of persistent admin access, users can temporarily authorize system changes via Windows Hello, creating a secure, short-lived admin token. This approach prevents malware from exploiting elevated permissions.
  • To combat credential theft, Windows Hello now includes passkey support, offering built-in multifactor authentication that blocks more than 99.99% of attacks, according to Microsoft.
  • New protections against malicious apps include Smart App Control and App Control for Business, which ensure only verified apps and drivers can run, backed by AI-enhanced policy management.
  • Personal Data Encryption provides file-level security for sensitive folders, integrating with Windows Hello and OneDrive to safeguard enterprise data.
  • Hotpatching minimizes system restarts during critical updates, while Config Refresh ensures policy compliance by resetting unauthorized changes.

These enhancements, part of Microsoft's ongoing zero trust strategy, aim to strengthen security without compromising user productivity, said Microsoft. The features are being tested internally and prepared for broader enterprise deployment.

Windows Security Copilot Updates

Microsoft has introduced new advancements to Security Copilot, leveraging generative AI to enhance security across organizations.

The updates bring AI-driven insights directly into Microsoft tools, making security management more efficient. Data security administrators can now access a clearer view of their environments through Microsoft Purview Data Security Posture Management, while identity administrators get AI assistance in the Microsoft Entra admin center to simplify tasks and enforce least-privilege access policies. IT administrators can also take advantage of AI-powered Kusto Query Language (KQL) support for faster troubleshooting and easier patch management.

Microsoft said Security Operations Center (SOC) analysts can benefit from an improved side panel for resolving identity issues and broader insights via the Microsoft Threat Intelligence plugin and new promptbooks simplify workflows, enhancing efficiency.

Security Copilot also integrates with third-party plugins, enabling teams to leverage Microsoft's threat intelligence. A Logic Apps connector allows automation of security tasks enriched by AI.

With enterprise-ready features like audit logs and role-based access control, these updates aim to streamline operations, enhance protection, and scale with organizational needs, the company said.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • computer with a red warning icon on its screen, surrounded by digital grids, glowing neural network patterns, and a holographic brain

    Report Highlights Security Risks of Open Source AI

    In these days of rampant ransomware and other cybersecurity exploits, security is paramount to both proprietary and open source AI approaches — and here the open source movement might be susceptible to some inherent drawbacks, such as use of possibly insecure code from unknown sources.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • a professional worker in business casual attire interacting with a large screen displaying a generative AI interface in a modern office

    Study: Generative AI Could Inhibit Critical Thinking

    A new study on how knowledge workers engage in critical thinking found that workers with higher confidence in generative AI technology tend to employ less critical thinking to AI-generated outputs than workers with higher confidence in personal skills.

  • university building with classical columns and a triangular roof displayed on a computer screen, surrounded by minimalist tech elements like circuit lines and abstract digital shapes

    Pima Community College Launches New Portal for a Unified Digital Campus Experience

    Arizona's Pima Community College is elevating the digital campus experience for students, faculty, and staff with a new portal built on the Pathify digital engagement platform.