Microsoft Announces Security Advancements

Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.

The latest SFI progress report outlines security improvements made across 28 key objectives, including stronger identity protections, expanded threat detection capabilities, and enhanced default security features throughout Microsoft's product lineup.

According to Microsoft, the effort represents the equivalent of 34,000 engineers working full time over 11 months. Microsoft Executive Vice President Charlie Bell said the initiative is focused on building security into every layer of the company's operations and responding rapidly to threats.

"We have made progress across culture and governance by fostering a security-first mindset in every employee and investing in holistic governance structures to address cybersecurity risk across our enterprise," said Bell in a blog post announcing the release of the report.

Identity, Detection and Threat Response

The company reported progress in hardening identity infrastructure. About 90% of Microsoft Entra ID tokens are now validated using a unified and secure software development kit. In a move prompted by the 2023 Storm-0558 breach, Microsoft has migrated token signing keys to hardware security modules and Azure confidential virtual machines, a shift aimed at minimizing the risk of forgery or key compromise.

Microsoft also introduced more than 200 new threat detections focused on adversary tactics, techniques and procedures. These detections — many of which will be added to Microsoft Defender — are reinforced by Red Team simulations designed to validate defense mechanisms in real-world scenarios.

Advancing Culture and Governance

As part of a company-wide cultural shift, Microsoft now requires every employee to define a Security Core Priority during performance reviews. The company says more than 50,000 employees have participated in its Security Academy training program, and 99% have completed its Trust Code compliance training.

On the governance side, Microsoft has enhanced its cybersecurity leadership by appointing deputy chief information security officers across key business areas and completing a full risk inventory. Progress on SFI objectives is reviewed biweekly by Microsoft's senior leadership team and quarterly by its board of directors.

Secure by Design and Default

Microsoft also unveiled a new Secure by Design UX Toolkit, developed and tested by 20 internal product teams and now in use by 22,000 employees. The publicly available toolkit helps teams create more secure user interfaces by embedding best practices directly into the product design lifecycle. Early results point to fewer misconfigurations and more intuitive security settings for end users.

Eleven new security features have launched across Microsoft 365, Azure, Windows, and Microsoft Security. These include enforced multifactor authentication (MFA) for all Azure Portal and Entra ID administrator sign-ins, new identity segmentation models, and AI-informed fraud detection systems that helped prevent $4 billion in attempted fraud, according to the company.

Microsoft also revealed enhancements in secure operations, including broader adoption of its two-year security logging policy and ongoing development of quantum-safe cryptographic systems.

Security at Scale

The report outlines Microsoft's progress toward "zero trust" principles, with many security improvements automated at scale. For example, over 6.3 million legacy or unused Microsoft tenants were removed, and 88% of cloud resources have been migrated to Azure Resource Manager.

To mitigate lateral movement attacks, Microsoft implemented identity isolation protocols and network segmentation, and deployed 98,000 hardened devices for accessing sensitive production environments. The company also introduced its Network Security Perimeter (NSP) technology, which helps isolate cloud services and enforce least-privilege access across 21 million resources.

Bell emphasized that cybersecurity progress is a continuous process, shaped by evolving threats and technological change. "SFI is how we're rising to that challenge," he wrote. "We also know that security is a team sport."

Microsoft continues to participate in global security efforts, including the CISA Secure by Design pledge and the intergovernmental Pall Mall Process aimed at curbing the misuse of commercial intrusion tools.

For more information, read the Microsoft blog.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • floating digital interface with glowing icons, surrounded by faint geometric shapes

    Digital Education Council Defines 5 Dimensions of AI Literacy

    A recent report from the Digital Education Council, a global community devoted to "revolutionizing the world of education and work through technology and collaboration," provides an AI literacy framework to help higher education institutions equip their constituents with foundational AI competencies.

  • computer screen displaying a landline phone being unplugged from a single cord, with a modern office desk, keyboard, and subtle lighting in the background

    Microsoft to Discontinue Skype Services

    Microsoft has announced that it is shutting down service for its Skype telecommunications and video calling services on May 5, 2025.

  • glowing brain, connected circuits, and abstract representations of a book and graduation cap on a light gray gradient background

    Snowflake Launches Program to Upskill 100,000 People in Data and AI

    Cloud data platform Snowflake is embarking on an effort to train and certify more than 100,000 users on its AI Data Cloud by 2027. The One Million Minds + One Platform program will provide Snowflake-delivered courses, training materials, and free access to Snowflake software, at no cost to learners.