We cannot anticipate every misuse or emergent behavior in AI systems. We can, however, identify what can go wrong, assess how bad it could be, and design systems that help reduce the likelihood or impact of those failure modes. That is the role of threat modeling: a structured way to identify, analyze, and prioritize risks early so teams can prepare for and limit the impact of real‑world failures or adversarial exploits.

Traditional threat modeling evolved around deterministic software: known code paths, predictable inputs and outputs, and relatively stable failure modes. AI systems (especially generative and agentic systems) break many of those assumptions. As a result, threat modeling must be adapted to a fundamentally different risk profile.

Why AI changes threat modeling

Generative AI systems are probabilistic and operate over a highly complex input space. The same input can produce different outputs across executions, and meaning can vary widely based on language, context, and culture. As a result, AI systems require reasoning about ranges of likely behavior, including rare but high‑impact outcomes, rather than a single predictable execution path.

This complexity is amplified by uneven input coverage and resourcing. Models perform differently across languages, dialects, cultural contexts, and modalities, particularly in low‑resourced settings. These gaps make behavior harder to predict and test, and they matter even in the absence of malicious intent. For threat modeling teams, this means reasoning not only about adversarial inputs, but also about where limitations in training data or understanding may surface failures unexpectedly.

Against this backdrop, AI introduces a fundamental shift in how inputs influence system behavior. Traditional software treats untrusted input as data. AI systems treat conversation and instruction as part of a single input stream, where text—including adversarial text—can be interpreted as executable intent. This behavior extends beyond text: multimodal models jointly interpret images and audio as inputs that can influence intent and outcomes.

As AI systems act on this interpreted intent, external inputs can directly influence model behavior, tool use, and downstream actions. This creates new attack surfaces that do not map cleanly to classic threat models, reshaping the AI risk landscape.

Three characteristics drive this shift:

• Nondeterminism: AI systems require reasoning about ranges of behavior rather than single outcomes, including rare but severe failures.
• Instruction‑following bias: Models are optimized to be helpful and compliant, making prompt injection, coercion, and manipulation easier when data and instructions are blended by default.
• System expansion through tools and memory: Agentic systems can invoke APIs, persist state, and trigger workflows autonomously, allowing failures to compound rapidly across components.

Together, these factors introduce familiar risks in unfamiliar forms: prompt injection and indirect prompt injection via external data, misuse of tools, privilege escalation through chaining, silent data exfiltration, and confidently wrong outputs treated as fact.

AI systems also surface human‑centered risks that traditional threat models often overlook, including erosion of trust, overreliance on incorrect outputs, reinforcement of bias, and harm caused by persuasive but wrong responses. Effective AI threat modeling must treat these risks as first‑class concerns, alongside technical and security failures.

Start with assets, not attacks

Effective threat modeling begins by being explicit about what you are protecting. In AI systems, assets extend well beyond databases and credentials.

Common assets include:

• User safety, especially when systems generate guidance that may influence actions.
• User trust in system outputs and behavior.
• Privacy and security of sensitive user and business data.
• Integrity of instructions, prompts, and contextual data.
• Integrity of agent actions and downstream effects.

Teams often under-protect abstract assets like trust or correctness, even though failures here cause the most lasting damage. Being explicit about assets also forces hard questions: What actions should this system never take? Some risks are unacceptable regardless of potential benefit, and threat modeling should surface those boundaries early.

Understand the system you’re actually building

Threat modeling only works when grounded in the system as it truly operates, not the simplified version of design docs.

For AI systems, this means understanding:

• How users actually interact with the system.
• How prompts, memory, and context are assembled and transformed.
• Which external data sources are ingested, and under what trust assumptions.
• What tools or APIs the system can invoke.
• Whether actions are reactive or autonomous.
• Where human approval is required and how it is enforced.

In AI systems, the prompt assembly pipeline is a first-class security boundary. Context retrieval, transformation, persistence, and reuse are where trust assumptions quietly accumulate. Many teams find that AI systems are more likely to fail in the gaps between components — where intent and control are implicit rather than enforced — than at their most obvious boundaries.

Model misuse and accidents 

AI systems are attractive targets because they are flexible and easy to abuse. Threat modeling has always focused on motivated adversaries:

• Who is the adversary?
• What are they trying to achieve?
• How could the system help them (intentionally or not)?

Examples include extracting sensitive data through crafted prompts, coercing agents into misusing tools, triggering high-impact actions via indirect inputs, or manipulating outputs to mislead downstream users.

With AI systems, threat modeling must also account for accidental misuse—failures that emerge without malicious intent but still cause real harm. Common patterns include:

• Overestimation of Intelligence: Users may assume AI systems are more capable, accurate, or reliable than they are, treating outputs as expert judgment rather than probabilistic responses.
• Unintended Use: Users may apply AI outputs outside the context they were designed for, or assume safeguards exist where they do not.
• Overreliance: When users accept incorrect or incomplete AI outputs, typically because AI system design makes it difficult to spot errors.

Every boundary where external data can influence prompts, memory, or actions should be treated as high-risk by default. If a feature cannot be defended without unacceptable stakeholder harm, that is a signal to rethink the feature, not to accept the risk by default.

Use impact to determine priority, and likelihood to shape response

Not all failures are equal. Some are rare but catastrophic; others are frequent but contained. For AI systems operating at a massive scale, even low‑likelihood events can surface in real deployments.

Historically risk management multiplies impact by likelihood to prioritize risks. This doesn’t work for massively scaled systems. A behavior that occurs once in a million interactions may occur thousands of times per day in global deployment. Multiplying high impact by low likelihood often creates false comfort and pressure to dismiss severe risks as “unlikely.” That is a warning sign to look more closely at the threat, not justification to look away from it.

A more useful framing separates prioritization from response:

• Impact drives priority: High-severity risks demand attention regardless of frequency.
• Likelihood shapes response: Rare but severe failures may rely on manual escalation and human review; frequent failures require automated, scalable controls.

Every identified threat needs an explicit response plan. “Low likelihood” is not a stopping point, especially in probabilistic systems where drift and compounding effects are expected.

Design mitigations into the architecture

AI behavior emerges from interactions between models, data, tools, and users. Effective mitigations must be architectural, designed to constrain failure rather than react to it.

Common architectural mitigations include:

• Clear separation between system instructions and untrusted content.
• Explicit marking or encoding of untrusted external data.
• Least-privilege access to tools and actions.
• Allow lists for retrieval and external calls.
• Human-in-the-loop approval for high-risk or irreversible actions.
• Validation and redaction of outputs before data leaves the system.

These controls assume the model may misunderstand intent. Whereas traditional threat modeling assumes that risks can be 100% mitigated, AI threat modeling focuses on limiting blast radius rather than enforcing perfect behavior. Residual risk for AI systems is not a failure of engineering; it is an expected property of non-determinism. Threat modeling helps teams manage that risk deliberately, through defense in depth and layered controls.

Detection, observability, and response

Threat modeling does not end at prevention. In complex AI systems, some failures are inevitable, and visibility often determines whether incidents are contained or systemic.

Strong observability enables:

• Detection of misuse or anomalous behavior.
• Attribution to specific inputs, agents, tools, or data sources.
• Accountability through traceable, reviewable actions.
• Learning from real-world behavior rather than assumptions.

In practice, systems need logging of prompts and context, clear attribution of actions, signals when untrusted data influences outputs, and audit trails that support forensic analysis. This observability turns AI behavior from something teams hope is safe into something they can verify, debug, and improve over time.

 Response mechanisms build on this foundation. Some classes of abuse or failure can be handled automatically, such as rate limiting, access revocation, or feature disablement. Others require human judgment, particularly when user impact or safety is involved. What matters most is that response paths are designed intentionally, not improvised under pressure.

Threat modeling as an ongoing discipline

AI threat modeling is not a specialized activity reserved for security teams. It is a shared responsibility across engineering, product, and design.

The most resilient systems are built by teams that treat threat modeling as one part of a continuous design discipline — shaping architecture, constraining ambition, and keeping human impact in view. As AI systems become more autonomous and embedded in real workflows, the cost of getting this wrong increases.

Get started with AI threat modeling by doing three things:

1. Map where untrusted data enters your system.
2. Set clear “never do” boundaries.
3. Design detection and response for failures at scale.

As AI systems and threats change, these practices should be reviewed often, not just once. Thoughtful threat modeling, applied early and revisited often, remains an important tool for building AI systems that better earn and maintain trust over time

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Threat modeling AI applications appeared first on Microsoft Security Blog.

While AI supports growth and innovation, it is also reshaping how organizations address faster, more adaptive security risks. AI-driven security threats, including “vibe-hacking”, are evolving faster than traditional defenses can adapt. Attackers can now combine reinforcement learning (RL) with LLM capabilities in code generation, tool use, and multi-step reasoning to create agents that act as autonomous, adaptive cyber weapons. These agents can mutate attacks and bypass defenses in real time—outpacing human response teams.   

Traditional security tools, built on static rules and signatures, are quickly becoming obsolete. To stay protected, enterprises need to adopt AI-powered cybersecurity systems that learn, anticipate, and respond as intelligently as attackers. This is where Adversarial Learning, a critical new frontier in security, comes in. By continuously training attack and defense models together, we can build an autonomic defense system against weaponized AI. However, achieving real-time security requires scaling transformer-based architectures and optimizing them for ultra-low-latency inference at massive scale.  

This post highlights how Microsoft and NVIDIA are transforming adversarial learning research into real-time, production-grade cyber defense—leveraging GPU-accelerated computing to deliver scalable, adaptive protection.  

Strategic Collaboration: Building Real-Time Threat Detection   

Once trained, deploying transformer models for live traffic analysis demands an inference engine that can match the volume and velocity of production workloads—without compromising detection accuracy. Through joint engineering efforts, Microsoft and NVIDIA achieved breakthrough performance by transitioning from CPU to GPU compute:   

This end-to-end latency, which includes network latency, demonstrates the viability of deploying adversarial learning at an enterprise scale.  

Microsoft’s Contributions: Adversarial Learning, Model Training & Optimization  

To achieve high detection accuracy on adversarial traffic, Microsoft researchers trained and optimized transformer-based classifiers to detect malicious payloads.  

Key innovations included:  

• Adversarial learning pipeline  

• Model distillation and architecture  

• Security-specific input segmentation that enabled NVIDIA to develop parallel tokenization  

These enhancements laid the foundation for high-precision detection and enabling AI models which can generalize across diverse attack variants.  

NVIDIA Contributions: Accelerating Inference at Scale  

Beyond baseline GPU acceleration, two NVIDIA innovations were critical to achieving real-time latency targets:   

1. Optimized GPU Classifier (NVIDIA Triton + TensorRT):  

NVIDIA engineered a custom TensorRT implementation of Microsoft’s classifier, fusing key operations into a single CUDA kernel to minimize memory traffic and launch overhead.  In particular, normalization operations were automatically fused into kernels of preceding operations by TensorRT, while custom CUDA kernels were developed to optimize both sliding window attention and dense layer activation functions. All custom kernels were then compiled together into a TensorRT engine and served via the Triton-TensorRT C++ backend to minimize host overhead.    

Overall, the NVIDIA solution led to significant performance boosts compared to standard GPU solutions, reducing forward-pass latency from 9.45 ms to 3.39 ms. This represented a 2.8× speedup and contributed 6.06 ms of the total 10.13 ms end-to-end latency reduction reported in the performance breakdown above.   

2. Domain-Specific Tokenization  

After optimizing the threat-detection classifier, the data pre-processing pipeline emerged as the next major performance bottleneck. Traditional tokenization techniques often fall short when it comes to leveraging parallelism within a sequence. While whitespace-based segmentation may suffice for conventional content like articles or documentation, it proves inadequate for densely packed request strings. These strings, common in security-sensitive environments, resist balanced segmentation, leading to inefficiencies in downstream processing.   
   
To address the challenges of processing dense machine-generated payloads, NVIDIA engineered a domain-specific tokenizer optimized for low-latency environments. By integrating segmentation points developed by Microsoft, tailored to the structural nuances of machine data, the tokenizer unlocked finer-grained parallelism, delivering a 3.5× reduction in tokenization latency. These cumulative engineering breakthroughs will enable Microsoft to deploy a high-performance threat-detection classifier capable of efficiently handling a wide range of sequence lengths in real-time.  

Inference Stack:   

• Serving: NVIDIA Triton Inference Server  

• Model: NVIDIA TensorRT implementation of Microsoft’s threat classifier   

• Tokenizer: Custom tokenizer optimized for security data  

Custom CUDA Kernels:   

• Embedding + LayerNorm  

• Residual Add + LayerNorm  

• GeGLU activation  

• Bidirectional sliding window flash attention  

Real-World Impact   

Speed: Real-time classification enables truly inline adversarial detection for production traffic, without introducing queueing delays.  

Scale: Sustained GPU throughput (> 130 req/s on H100); supports high-traffic endpoints and bursty workloads.   

Accuracy: >95% detection accuracy on representative adversarial inputs provides robust coverage against rapidly evolving attack variants.   

What’s Next   

The roadmap and deep engineering collaboration continues to push the boundaries of real-time threat-detection. Future efforts will explore advanced model architectures for adversarial robustness and advanced acceleration techniques such as quantization. The next phase will significantly broaden the impact of adversarial learning in practical cybersecurity applications. By training models on malicious patterns, we’re equipping them to manage higher traffic volumes and increasingly intricate payloads—while maintaining strict latency constraints. These innovations collectively lay the foundation for faster, more robust defenses that can keep pace with the escalating scale and complexity of today’s AI-driven cyber threats.  

To learn more about this research, join us at the Security Preday event on Monday, November 17 starting at 1 pm Pacific or at the NVIDIA booth on Thursday, November 20 at 10:35 am Pacific.  Please visit the Ignite event Website https://ignite.microsoft.com/en-US/home for details on how to register. 
 

Special thanks to key contributors to this research: Sami Ait Ouahmane (Microsoft), Rachel Allen (NVIDIA), Mohit Ayani (NVIDIA), Francis Beckert (Microsoft), Nora Hajjar (Microsoft), Rakib Hasan (NVIDIA), Yingqi Liu (Microsoft), Navid Nobakht (Microsoft), Rohan Varma (NVIDIA), and Bryan Xia (Microsoft)  

The post Collaborative research by Microsoft and NVIDIA on real-time immunity appeared first on Microsoft Security Blog.

Fostering a security-first mindset 

Engineering sentiment around security has improved by nine points since early 2024. To increase security awareness, 95% of employees have completed the latest training on guarding against AI-powered cyberattacks, which remains one of our highest-rated courses. Finally, we developed resources for employees and made them available to customers for the first time to improve security awareness. 

Governance that scales globally 

The Cybersecurity Governance Council now includes three additional Deputy Chief Information Security Officers (CISOs) functions covering European regulations, internal operations, and engagement with our ecosystem of partners and suppliers. We launched the Microsoft European Security Program to deepen partnerships and better inform European governments about the cyberthreat landscape and collaborating with industry partners to better align cybersecurity regulations, advance responsible state behavior in cyberspace, and build cybersecurity capacity through the Advancing Regional Cybersecurity Initiative in the global south. You can read more on our cybersecurity policy and diplomacy work.

Secure by Design, Secure by Default, Secure Operations

Microsoft Azure, Microsoft 365, Windows, Microsoft Surface, and Microsoft Security engineering teams continue to deliver innovations to better protect customers. Azure enforced secure defaults, expanded hardware-based trust, and updated security benchmarks to improve cloud security. Microsoft 365 introduced a dedicated AI Administrator role, and enhanced agent lifecycle governance and data security transparency to give organizations more control and visibility. Windows and Surface advanced Zero Trust principles with expanded passkeys, automatic recovery capabilities, and memory-safe improvements to firmware and drivers. Microsoft Security introduced data security posture management for AI and evolved Microsoft Sentinel into an AI-first platform with data lake, graph, and Model Context Protocol capabilities.

Engineering progress that sets the benchmark

We’re making steady progress across all engineering pillars. Key achievements include enforcing phishing-resistant multifactor authentication (MFA) for 99.6% of Microsoft employees and devices, migrating higher-risk users to locked-down Azure Virtual Desktop environments, completing network device inventory and lifecycle management, and achieving 99.5% detection and remediation of live secrets in code. We’ve also deployed more than 50 new detections across Microsoft infrastructure with applicable detections to be added to Microsoft Defender and awarded $17 million to promote responsible vulnerability disclosure.

Actionable guidance 

To help customers improve their security, we highlight 10 SFI patterns and practices customers can follow to reduce their risk. We also share additional best practices and guidance throughout the report. Customers can do a deeper assessment of their security posture by using our Zero Trust Workshops which incorporate SFI-based assessments and actionable learnings to help customers on their own security journeys.

Security as the foundation of trust 

Cybersecurity is no longer a feature—it’s the foundation of trust in a connected world.

With the equivalent of 35,000 engineers working full time on security, SFI remains the largest cybersecurity effort in digital history. Looking ahead, we will continue to prioritize the highest risks, accelerate delivery of security innovations, and harness AI to increase engineering efficiency and enable rapid anomaly detection and automated remediation.

The cyberthreat landscape will continue to evolve. Technology will continue to advance. And Microsoft will continue to prioritize security above all else. Our progress reflects a simple truth: trust is earned through action and accountability.

We are grateful for the partnership of our customers, industry peers, and security researchers. Together, we will innovate for a safer future.

​​Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative ​​  appeared first on Microsoft Security Blog.

This year’s findings reveal something we have all been sensing: the threat of landscape is not just evolving—it is accelerating. AI has fundamentally changed the equation, impacting the speed, scale, and sophistication of cyberattacks in ways that render many traditional defensive assumptions obsolete. Yet AI also represents our most powerful tool for adaptation.

Understanding the acceleration

The metrics tell a stark story, but the operational implications matter more. We’re observing cyberattacks that execute in the time it takes a user to click—ClickFix techniques that bypass layered defenses through social engineering at machine speed. In cloud environments, the window between deployment and compromise has collapsed to 48 hours for containers, fundamentally challenging our assumptions about hardening timelines.

The economics have shifted as well. AI-powered phishing campaigns now achieve 50 times profitability improvements by automating personalization at scale. We’re tracking North Korean operations that have embedded tens of thousands of workers globally, turning the remote workforce into a persistent cyberthreat vector. This is not opportunistic. Indeed, it is industrial-scale infiltration.

The sophistication curve continues its steep climb. Our telemetry shows an 87% increase in disruptive campaigns targeting Microsoft Azure environments. Credential theft attempts are up 23%, data exfiltration up 58%. We are now tracking early indicators of autonomous malware capable of lateral movement and adaptive behavior without human direction.

What strikes me most is the operational coordination. Through Microsoft Threat Intelligence, we are observing campaigns spanning more than 130 countries where nation-states, criminal syndicates, and commercial mercenaries share infrastructure and tactics. Access brokers have created marketplaces that blur lines between espionage and crime. The models–scalable, resilient, and disturbingly efficient.

From threat awareness to strategic action

Here is the paradox every CISO faces: threats are accelerating, yet our defensive capabilities have never been stronger. The gap is not technology. The gap is in how we think about and operationalize security. Legacy approaches that separate security from business strategy, that prioritize prevention over resilience, that treat threat incidents as failures rather than inevitable events—these mindsets are now liabilities.

The path forward requires fundamental shifts:

Security as a business enabler, not a control point. We just embed security into every business process, from product development to supply chain management. When security becomes integral to how organizations operate, rather than a gate they must pass through, we move faster while managing risk more effectively. This is not about lowering standards. This is about building security into the foundation rather than adding it as a façade.

Resilience as the primary objective. The question isn’t if an incident will occur, but how quickly we can detect, contain, and recover from it. When cyberattacks execute in seconds and compromises happen within 48 hours, our response capabilities must match that velocity. This means tested playbooks, empowered teams, and automated response mechanisms that operate at machine speed.

Intelligence and automation as force multipliers. The same AI technologies that let cyberattackers scale operations can amplify our defense capabilities—if we deploy them strategically. Automation is not about replacing security teams. It is about letting them operate at the speed and scale that modern threats demand.

The evolved CISO mandate

The role of the CISO has fundamentally expanded. We are no longer purely technologists. We are risk managers, strategic advisors, and organizational change agents. The board needs us to translate technical cyberthreats into business risks and resilience strategies into competitive advantages.

This evolution demands new capabilities:

Cross-functional leadership that transcends IT. When a social engineering attack can compromise an organization in seconds, response requires coordinated actions across IT, legal, human resources, communications, and executive leadership. We must build these partnerships before the crisis, not during it.

Continuous adaptation as operational discipline. The 48-hour container compromise window and the instant infection vectors we are seeing mean that continuous monitoring, regular testing, and rapid iteration are not best practices. They are survival requirements. Our defenses, policies, and response capabilities must evolve as quicky as threats.

Governance that anticipates regulatory evolution. As governments increase transparency requirements and impose consequences for malicious activity, we must ensure our organizations can meet both the letter and the spirit of emerging regulations. This includes understanding third-party risks, from access brokers to embedded cyberthreats in our workforce and supply chains.

Proven strategies for operationalizing security resilience

From our work with customers, own operational experience, and implementation of the Secure Future Initiative (SFI), three priorities rise to the top:

Modern identity controls are non-negotiable. With 97% of identity attacks targeting passwords, phishing-resistant MFA fundamentally alters the risk equation. This isn’t about adding layers—it’s about eliminating entire attack vectors. Organizations that deploy phishing-resistant authentication see dramatic reductions in successful compromises.

Incident response readiness determines outcome. When attacks move at machine speed, response time becomes the critical variable. This means regular simulations, tested playbooks, and teams empowered to act decisively. We must practice for the scenarios we’ll face, not the ones we hope to avoid. The organizations that recover fastest are those that have failed in simulation and learned before the real event.

Collective defense is no longer optional. Against campaigns spanning more than 130 countries and cyberattacker ecosystems sharing infrastructure, isolated defense is ineffective. Intelligence sharing, collaborative best practices, and sector-wide coordination are force multipliers that benefit everyone. The cyberthreats we face are too sophisticated and too coordinated for any organization to defend alone.

We’ve been applying these same principles internally through our Secure Future Initiative. Rather than keep our implementation lessons internal, we’re publishing the actual patterns and practices we’ve used—the specific approaches that worked, the trade-offs we encountered, and the practical steps other organizations can adapt. The SFI patterns and practices library includes detailed guidance on challenges like securing multi-tenant environments, protecting software supply chains, and implementing Zero Trust for source code access.

What I appreciate about these patterns is that they are written by practitioners who have actually implemented them. Each one outlines the problem, explains how we solved it internally at Microsoft, and provides recommendations that you can evaluate for your own environment. No glossy overviews—just the operating details of what worked and what did not.

Steps to strengthen resilience and response across your organization 

The acceleration we are witnessing—cyberattack speed, operational scale, and technical sophistication—demands an equivalent acceleration in our response. This is not about working harder; it’s about working differently. It means treating AI and automation as operational imperatives, not future projects. It means building identity security as foundational infrastructure, not a compliance checkbox. It means developing incident response capabilities that match the velocity of modern cyberattacks.

Most fundamentally, it means embracing our evolved role as CISOs. We are architects of organizational resilience in an era where cyberthreats move at machine speed and span continents. This requires equal parts of technical depth, strategic vision, and collaborative leadership.

The cyberthreat landscape will continue to evolve. Our mandate is to evolve faster, to build organizations that are not just secure but resilient, adaptive, and prepared for whatever comes next. That is the challenge facing every CISO today. It is also the opportunity to build something stronger than what came before.

For a detailed and comprehensive analysis, explore the full Microsoft Digital Defense Report 2025.

Microsoft Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series.

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post The CISO imperative: Building resilience in an era of accelerated cyberthreats appeared first on Microsoft Security Blog.

Over the past year, we’ve made significant strides through the Secure Future Initiative (SFI), embedding security into every layer of our engineering practices. But just as critical has been our transformation in how we educate and engage our employees. We revamped our employee security training program to tackle advanced cyberthreats like AI-enabled attacks and deepfakes. We launched the Microsoft Security Academy to empower our employees with personalized learning paths that create a relevant experience. We’ve made security culture a company-wide imperative, reinforcing vigilance, embedding secure habits into everyday work, and achieving what technology alone cannot. It is more than a mindset shift; it’s a company-wide movement, led from the top and setting a new standard for the industry.

To help other organizations take similar steps, we are introducing two new guides—focused on identity protection and defending against AI-enabled attacks—that offer actionable insights and practical tools. These resources are designed to help organizations rethink their approach in order to move beyond 101-level content and build a culture of security that is resilient, adaptive, and people-powered. Because in cybersecurity, culture is more than a defense—it is the difference between reacting to cyberthreats and staying ahead of them.

Training for proactive security: Empowering employees in a new era of advanced threats

Security is the responsibility of every Microsoft employee, and we’ve taken deliberate steps to make that responsibility tangible and actionable. Over the past year, we’ve worked hard to reinforce a security-first mindset throughout every part of the company—from engineering and operations to customer support—ensuring that security is a shared responsibility at every level. Through redesigned training, personalized guidance, regular feedback loops, and role-specific expectations, we are fostering a culture where security awareness is both instinctive and mandatory.

As cyberattackers become increasingly sophisticated, using AI, deepfakes, and social engineering, so must the way we educate and empower employees. The security training team at Microsoft has overhauled its annual learning program to reflect this urgency. Our training is thoughtfully designed to be even more accessible and inclusive, built from empathy for all job roles and the work they do. This helps ensure that all employees, regardless of background or technical expertise, can fully engage with the content and apply it in meaningful ways. The result is a lasting security culture that employees not only embrace in their work but also carry into their personal lives.

To ensure our lasting security culture is rooted in real-world cyberthreats and tactics, we’ve continued to push our Security Foundations series to feature dynamic, threat-informed content and real-world scenarios. We’ve also updated training content in traditional topics like phishing, identity spoofing, and AI-enabled cyberattacks like deepfakes. All full-time employees and interns are required to complete three sessions annually (90 minutes total), with newly created content every year.

Security training must resonate both in the workplace and at home to create a lasting impact. That is why we equip employees with a self-assessment tool that delivers personalized, risk-based feedback on identity protection, along with tailored guidance to help safeguard their identities—both on the job and in their personal lives.

The ingredients for successful security training

At Microsoft, the success of our security training programs hinges on several crucial ingredients: fresh, risk-based content; collaboration with internal experts; and a relentless focus on relevance and employee satisfaction. Rather than recycling old material, we rebuild our training from the ground up each year, driven by the changing cyberthreat landscape—not just compliance requirements. Each annual program begins with a risk-based approach informed by an extensive listening network that includes internal experts in threat intelligence, incident response, enterprise risk, security risk, and more. Together, we identify the top cyberthreats where employee judgment and decision-making are essential to keeping Microsoft secure—and how those cyberthreats are evolving.

Take social engineering, for instance. This topic is a consistent inclusion in our training because around 80% of security incidents start with a phishing incident or identity compromise. But we are not teaching phishing 101, as we expect our employees already have foundational awareness of this cyberthreat. Instead, we dive into emerging identity threats, real-world cyberattack scenarios, and examples of how cyberattackers are becoming more sophisticated and scaling faster than ever.

The impact we are making on the security culture at Microsoft is not by chance, nor is it anecdotal. The Education and Awareness team within the Office of the Chief Information Security Office (OCISO) applies behavioral science, adult learning theory, and human-centered design to the development of every Security Foundations course. This ensures that training resonates, sticks, and empowers behavioral change. We also continually measure learner satisfaction and content relevancy, both of which have climbed significantly in recent years. We attribute this positive change to the continual innovation and evolution of our content and the increased attention we pay to the learning and cultural needs of our employees.

This was one of the best Security Foundations that I’ve taken, well done! The emphasis on deepfake possible attacks was enlightening and surprising, I thought it was a great choice to actually deepfake [our actor] to show how real it sounds and show in real time what is possible to get that emphasis. The self-assessment was also great in terms of showing the areas that I need to work on and use more caution.

—Microsoft employee

Today, engagement with the Security Foundations training is strong, with 99% of employees completing each course. Learner satisfaction continues to climb, with the net satisfaction score rising from 144 in fiscal year (FY) 2023 to 170 today. Relevancy scores have followed a similar trend, increasing from 144 in FY 2023 to 169 today.¹ These scores reflect that our employees view the security training content as timely, applicable, and actionable.

Microsoft leadership sets the tone

Our security culture change started at the top, with Chief Executive Officer (CEO) Satya Nadella mandating that security be the company’s top priority. His directive to employees is clear: when security and other priorities conflict, security must always take precedence. Chief People Officer (CPO) Kathleen Hogan reinforced this commitment in a company-wide memo, stating, “Everyone at Microsoft will have security as a Core Priority. When faced with a tradeoff, the answer is clear and simple: security above all else.”

The Security Core Priority continues to enhance employee training around security at Microsoft. As of December 2024, every employee had a defined Security Core Priority and discussed their individual impact during performance check-ins with their manager. Hogan explains that this isn’t a one-time pledge, but a non-negotiable, ongoing responsibility shared by every employee. “The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact,” she said. “We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.”

This commitment is embedded in how Microsoft governs and operates at the highest levels. Over the past year, the senior leadership team at Microsoft has focused on evaluating the state of our security culture and identifying ways to strengthen it. Security performance is reviewed at weekly executive meetings with deep dives into each of the six pillars of our Secure Future Initiative. The Board of Directors receives regular updates, reinforcing the message that security is a board-level concern. We’ve also reinforced our commitment to security by directly linking leadership compensation to security outcomes—elevating security to the same level of importance as growth, innovation, and financial performance. By using executive compensation as an accountability mechanism tied to specific security performance metrics, we’ve driven measurable improvements, especially in areas like secret hygiene across our code repositories.

Reinforcing security culture through engagement and hiring

Security culture is not built in a single training session; it is sustained through continuous engagement and visible reinforcement. To keep security top-of-mind, Microsoft runs regular awareness campaigns that revisit core training concepts and share timely updates across the company. These campaigns span internal platforms like Microsoft SharePoint, Teams, Viva Engage, and global digital signage in offices. This creates a consistent drumbeat that embeds security into daily workflows through reminders that reinforce key behaviors.

Launching fall 2025, the global security ambassador program will activate a grassroots network of trusted advocates within teams and departments across organizations and geographies. With a goal of reaching at least 5% employee participation, these ambassadors will serve as local champions, helping amplify initiatives, offering peer-to-peer guidance, and offering valuable feedback from the front lines. This approach not only sustains engagement but ensures Microsoft’s security strategy is informed by real-world insights from across the organization. As cyberattackers continue to grow more advanced, our employees must constantly learn and adapt. For this reason, security is a continuous journey that requires a culture of continuous improvement, where lessons from incidents are used to update policies and standards, and where employee feedback helps shape future training and engagement strategies.

Security culture is only as strong as the people who live it. That is why Microsoft is investing heavily in talent to scale its defenses through upskilling and hiring. Through the resulting increase in security engineers, we are making sure that every team, product, and customer benefits from the latest in security thinking and expertise.

Embedding security into engineering

The company leadership sets the vision, but real transformation happens when security is woven into our engineering. We are moving beyond simply applying security frameworks—reengineering how we design, test, and operate technology at scale. To drive this shift, we’ve aligned our engineering practices with the Protect Engineering Systems pillar of SFI, embedding security into every layer of development, from identity protection to threat detection. Our Microsoft Security Development Lifecycle (SDL), once published as a standalone methodology, is now deeply integrated into the Secure by Design pillar of SFI, ensuring security is part of the process, from the first line of code to final deployment.

We’ve embedded DevSecOps and shift-left strategies throughout our development lifecycle, backed by new governance models and accountability structures. Every engineering division now has a Deputy Chief Information Security Officers (CISO) responsible for embedding security into their workflows. These practices reduce costs, minimize disruption, and ultimately lead to more resilient products.

Under SFI, security is treated as a core attribute of product innovation, quality, innovation, and trust. And as Microsoft redefines how security is built into engineering, we are also transforming how it is lived. This means providing every employee with the awareness and agility needed to counter the most advanced cyberthreats.

Security culture as a matter of business trust

For Microsoft, a strong security culture helps us protect internal systems and uphold customer and partner trust. With a global presence, broad product footprint, and a customer base that spans nearly all industries, even a single lapse can have impact at a scale where even a single security lapse can have wide-reaching implications. Embedding security into every layer of the company is both complex and essential—and involves more than just cutting-edge tools or isolated policies. Our security-first employee mindset views security not as a discrete function, but as something that informs every role, decision, and workflow. And while tools are indispensable in addressing technical cyberthreats, it is culture that ensures those tools are consistently applied, refined, and scaled across the organization.

Paving the road ahead for lasting security culture

The famous quote attributed to renowned management consultant Peter Drucker that “culture eats strategy for breakfast” holds especially true in cybersecurity. No matter how well-designed a security strategy may be, it can’t succeed without a culture that supports and sustains it. Ultimately, the formula for proactive security at Microsoft is built on three connected elements: people, process, and culture. And although we’ve made meaningful progress on all three fronts, the work is never finished. The cybersecurity landscape is constantly shifting, and with each new challenge comes an opportunity to adapt, improve, and lead.

The decision by Microsoft to treat security not as an isolated discipline, but as a foundational value—something that informs how products are built, how leaders are evaluated, and how employees across the company show up every day—is a core aspect of SFI. This initiative has already led to measurable improvements, including the appointment of Deputy CISOs across engineering divisions, the redesign of employee training to reflect AI-enabled threats, and the coming launch of grassroots programs like the global Security Ambassador program.

The Microsoft Secure Future Initiative is our commitment to building a lasting culture that embeds security into every decision, every product, and every employee mindset. We invite others to join us and transform how security is lived. Because in the current threat landscape, culture is not just a defense—it makes the difference.

Culture in practices: Tools to build a security-first mindset

To reinforce a security-first mindset across work and home, we’ve developed the following resources for our internal employees. We are also making them available for you to help drive the same commitment in your organization.

• Identity Protection Guide—Critical identity protection practices for reduce your risk of cyberattacks” of a cyberattack, at work and at home.
• Security Foundations: Guarding Against AI-Powered Attacks—A reference guide to spotting and protecting yourself against AI-powered cyberattacks.

Microsoft Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series.

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

To learn more about Microsoft Security solutions, go to our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data

The post Building a lasting security culture at Microsoft appeared first on Microsoft Security Blog.

This next set of SFI patterns and practices articles include practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response. Each of the six articles includes details on how Microsoft has improved our security posture in each area so customers, partners, and the broader security community can do the same.

More about SFI patterns and practices

Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk—legacy infrastructure or inconsistent CI/CD pipelines—and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.

Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.

This structure offers a framework for understanding, applying, and evolving security practices.

Next steps with SFI

Security is a journey, and Microsoft is committed to sharing our insights from SFI. Watch for more actionable advice in coming months. SFI patterns and practices provide a roadmap for putting secure architecture into practice. Embracing these approaches enables organizations to advance their security posture, minimize deployment hurdles, and establish environments that are secure by design, by default, and in operations.

To get access to the full library, visit our new SFI patterns and practices webpage. And check out the new SFI video on our redesigned website to hear directly from Microsoft leadership about how we are putting security above all else.

Let’s build a secure future, together

Talk to your Microsoft account team to integrate these practices into your roadmap.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security appeared first on Microsoft Security Blog.

As part of the Microsoft Secure Future Initiative (SFI), we have committed to embed security into every layer of our technology, culture, and governance—placing security above all else. Since its launch in November 2023, SFI has mobilized the equivalent of more than 34,000 engineers to proactively reduce risk and strengthen security across Microsoft and the products and services we offer our customers. A great example of this is mitigating advanced multifactor authentication attacks, where phishing-resistant multifactor authentication now protects 100% of production system accounts and 92% of employee productivity accounts. In addition, we continue to reduce the risk of compromise during new employee setup by enforcing video-based verification, now at 99%.¹

Enabling your security-first approach

This year, we have also developed new resources and tools to support security professionals in keeping their organizations secure, particularly as we enter this next era of AI. Building upon our learnings with SFI, we have created SFI patterns and practices, which is a new library of actionable guidance designed to help organizations implement security at scale.

In addition to best practices for security professionals, we continue to add articles to our Be Cybersmart Kit, which is a great starting point for security professionals that need to educate their organizations on how to be safe. The Be Cybersmart Kit contains articles on AI safety, device security, domain impersonation, fraud, secure sign-in, and phishing. The kit is just one of the many resources available on the Microsoft Cybersecurity Awareness site. 

Be Cybersmart

Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

Get the Be Cybersmart Kit.

Those seeking more in-depth resources can access expert-level learning paths, certifications, and technical documentation to continue their cybersecurity education. And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and educational opportunities like Microsoft Elevate are here to help. The goal of all these programs is to help foster a culture that puts security and continuous learning first for students and professionals alike.

Security-first in action: Franciscan Alliance

The organization conducts monthly phishing simulations and quarterly assessments to expose staff to realistic scenarios consistently. Employees who do not pass the quarterly assessments are provided with additional training rather than being penalized, which supports a culture centered on learning and development. Training programs incorporate gamification elements to enhance accessibility and retention. Additionally, employees receive a monthly newsletter covering relevant security topics that support safe practices both professionally and personally.

During Cybersecurity Awareness Month, weekly editions are distributed, along with timely updates on emerging threats, including breaches and attacks. Franciscan Alliance also organizes threat briefings in partnership with external partners and utilizes resources such as Microsoft’s Cybersecurity Awareness materials to inform its training initiatives.

Developing security competencies in the age of AI

Additionally, Microsoft’s Chief Product Officer of Responsible AI Sarah Bird will moderate the panel, “Cyber and AI, Strategic Risk and Competitive Advantage,” at the NASDAQ Summit on October 21, 2025, at the New York Stock Exchange, where industry experts will provide guidance on governance and security for AI. In this session, experts will discuss real-world use cases, regulatory developments, and the strategic implications of integrating AI into enterprise environments. Events such as these are incredible opportunities for executives to deepen their understanding and lead with confidence in the age of AI.

Make the most out of Cybersecurity Awareness Month

We hope that these resources provide you with the learning, training, and confidence to set you and your organizations up for success—both this month and beyond. Now is the time to build a culture with a security-first mindset by making security part of your daily habits at work, home, and everywhere else. A security-first mindset means staying informed, proactively protecting digital assets, and encouraging others to do the same. Security is a team sport. By promoting vigilance and shared responsibility, we can create a safer world for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹April 2025 SFI progress report.

The post Cybersecurity Awareness Month: Security starts with you appeared first on Microsoft Security Blog.

We’re excited to launch Microsoft Secure Future Initiative (SFI) patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale.

This launch marks the next step in our journey to make our SFI learnings practical for our customers, partners, and broader security ecosystem. These patterns and practices draw from a range of proven security architectures and best practices—including, but not limited to, Zero Trust—operationalized to protect Microsoft’s infrastructure and now shared to help you do the same.

Why SFI patterns and practices matter

Since launching the Secure Future Initiative (SFI) in November 2023, we’ve mobilized the equivalent of more than 34,000 engineers to mitigate risk and improve security for Microsoft and our customers.¹ Guided by three security principles—secure by design, by default, and in operations—we have made measurable progress in the areas of culture, governance, and our six engineering pillars. Still there is more to do and teams across the company are working to improve security of every product, address learnings from every incident, and continuously improve our methods and practices.

Additionally, we have heard feedback from customers and partners that want us to share how we are improving security at Microsoft, not just at the strategic architecture level but also at the implementation and practical level. That’s where SFI patterns and practices library comes into play.

What’s in the first wave of SFI patterns and practices?

We are launching the first wave of eight pattern and practice articles that help solve the most asked-for, urgent, and complex challenges faced by security practitioners today:

Introducing SFI patterns and practices taxonomy

Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk—whether it’s identity lateral movement, legacy infrastructure, or inconsistent continuous integration and continuous delivery (CI/CD) pipelines—and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.

Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.

This structure offers a framework for understanding, applying, and evolving security practices.

Joining the SFI patterns and practices journey

SFI patterns and practices is your guide to turning architecture into action. By adopting these patterns, organizations can accelerate their security maturity, reduce implementation friction, and build systems that are more secure by design, default, and in operation.

What’s coming next?

This is just the beginning. In the coming months, we’ll release additional patterns to share more guidance aligned to SFI pillars. Each new pattern will be published on the Microsoft Security blog and on Microsoft’s Secure Future Initiative homepage.

Get started

Explore the first set of patterns:

• Security blog SFI topic page
• Secure by design: A UX toolkit
• Microsoft Security Tech Community blog
• Microsoft Security X account

Let’s build a secure future, together

Talk to your Microsoft account team to integrate these practices into your roadmap.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Secure Future Initiative Report, November, 2024

The post Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices appeared first on Microsoft Security Blog.

In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. This blog is part of an ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more. 

Microsoft’s Secure Future Initiative (SFI) brings together every part of Microsoft to strengthen cybersecurity protection across our infrastructure, products and services. As part of the Protect Tenants and Isolate Production Systems pillar, one of the key objectives is to ensure continuous least privilege enforcement by eliminating high-privileged access across all Microsoft 365 applications.  

High-privileged access (HPA) occurs when an application or service obtains broad access to customer content, allowing it to impersonate other users without providing any proof of user context. For example, Applications A and B may have a service-to-service (S2S) relationship to deliver a specific customer scenario. Application A owns and manages customer content in its storage. If Application B can access customer content stored in Application A by calling APIs without a user context, then this is categorized as HPA. 

HPA allows for the assumption of any user’s identity within the service, which can substantially increase the security risk in the event of a service compromise, credential mishandling, or token exposure.  

Given that Microsoft 365 applications interact with one another to deliver rich value and empower critical customer business scenarios, it is crucial for Microsoft to ensure all first-party application interactions involve least privilege access. This is applicable in both where the applications are acting on behalf of a user and services that are not acting on behalf of a user.  

Microsoft’s approach to access rights

Eliminating HPA ensures that users and applications have only the necessary access rights. Our strategy within Microsoft’s internal Microsoft 365 environment involved fostering an ‘assume breach’ mindset, with a focus on the stringent enforcement of new standard authentication protocols. With this approach, we have successfully mitigated more than 1,000 high-privilege application scenarios thus far. Achieving this was a monumental cross-functional effort at Microsoft, engaging more than 200 engineers across the company. 

First, we reviewed all existing Microsoft 365 applications and their S2S interactions with all resource providers across the stack. Second, we deprecated legacy authentication protocols that supported HPA patterns. Third, we accelerated the enforcement of new secure authentication protocols to ensure that all S2S interactions operate within the least-privileged scope required to meet the scenarios. 

In many cases, this also required re-engineering the existing architecture and platform to ensure that customer scenarios are accommodated with secure, least privilege access. We ensured that Microsoft 365 first-party applications are interacting with customer content only with the least privilege access. For instance, if Application C has a requirement to read data from specific SharePoint sites, it is granted granular ‘Sites.Selected’ permission rather than ‘Sites.Read.All’ permission. Finally, we have also implemented standardized monitoring systems to identify and report any high-privilege access within Microsoft 365 applications. 

Microsoft security posture recommendations 

To enhance your organization’s security posture, we recommend leveraging the native capabilities of Microsoft 365 and implementing these four best practices for safeguarding environments and ensuring the principle of the least privilege access to applications.  

1. Audit the existing applications that have access to your data—revoke any unused permissions and reduce excessive permissions.  
2. Use the Microsoft Entra identity platform’s consent framework to mandate human consent when applications request access to customer content. Utilize delegated permissions in scenarios where an application acts on behalf of a signed-in user. These permissions allow the application to access resources that the user has access to.  
3. Develop applications with the principle of least-privilege access in mind, throughout all stages of development.  
4. Employ strict audit controls to periodically review all applications and ensure they adhere to the principle of least privilege access.  

Microsoft
Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

Learn more with Microsoft Security

Read this article to understand how to improve security with the principle of least privilege.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post Enhancing Microsoft 365 security by eliminating high-privilege access  appeared first on Microsoft Security Blog.

In late 2023, Microsoft launched its most ambitious security transformation to date, the Microsoft Secure Future Initiative (SFI).  An initiative with the equivalent of 34,000 engineers working across 14 product divisions, supporting more than 20,000 cloud services on 1.2 million Azure subscriptions, the scope is massive. These services operate on 21 million compute nodes, protected by 46.7 million certificates, and developed across 134,000 code repositories. 

At Microsoft’s scale, the real challenge isn’t just shipping security fixes—it’s ensuring they’re automatically enforced by the platform, with no extra lift from engineers. This work aligns directly to our Secure by Default principle. Durable security is about building systems that apply fixes proactively, uphold standards over time, and engineering teams can focus on innovation rather than rework. This is the next frontier in security resilience.

Why “staying secure” is harder than getting there 

When SFI began, Microsoft made rapid progress: teams addressed vulnerabilities, met key performance indicators (KPIs), and turned dashboards green. Over time, sustaining these gains proved challenging, as some fixes required reinforcement and recurring patterns like misconfigurations and legacy issues began to re-emerge in new projects—highlighting the need for durable, long-term security practices. 

The pattern was clear: security improvements weren’t durable. 

While key milestones were successfully achieved, there were instances where we did not have a clearly defined ownership or built-in features to automatically sustain security baselines. Enforcement mechanisms varied, leading to inconsistencies in how security standards were upheld. As resources shifted post-delivery, this created a risk of baseline drift over time. 

Moving forward, we realized that our teams need to establish explicit ownership, standardize enforcement design, and embed automation at the platform level because it is essential to ensure long-term resilience, reduce operational burden, and prevent regression. 

Engineering for endurance: The making of Microsoft’s durability strategy 

To transform security from a reactive effort into an enduring capability, Microsoft launched a company-wide initiative to operationalize security durability at scale. The result was the creation of the Security Durability Model, anchored in the principle to “Start Green, Get Green, Stay Green, and Validate Green.” This framework is not a slogan—it is a foundational shift in how Microsoft engineers build, enforce, and sustain secure systems across the enterprise. 

At the core of this effort are Durability Architects—dedicated Architects embedded within each division who act as stewards of persistent security. These individuals champion a “fix-once, fix-forever” mindset by enforcing ownership and driving accountability across teams. One example that catalyzed this effort involved cross-tenant access risks through Passthrough Authentication. In this case, users without presence in a target tenant could authenticate through passthrough mechanisms, unintentionally breaching tenant boundaries. The mitigation initially lacked durability and resurfaced until ownership and enforcement were systemically addressed. 

Microsoft also applies a lifecycle framework they call “Start Green, Get Green, Stay Green, Validated Green.” New features are developed in a secure-by-default posture using hardened templates, ensuring they “Start Green.” Legacy systems or existing features are brought into compliance through targeted remediation efforts—this is “Get Green.” To “Stay Green,” ongoing monitoring and guardrails prevent regression. Finally, security is verified through automated reviews, and executive reporting—ensuring enduring resilience. 

Automating for scale and embedding security into engineering culture 

Recognizing that manual security checks cannot scale across an enterprise of this size, Microsoft has heavily invested in automation to prevent regressions. Tools such as Azure Policy automatically enforce best practices like encryption-at-rest or multifactor authentication across cloud resources. Continuous scanners detect expired certificates or known vulnerable packages. Self-healing scripts autocorrect deviations, closing the loop between detection and remediation. 

To embed durability into the operational fabric, review cadences and executive oversight play a critical role. Security KPIs are reviewed at weekly or biweekly engineering operations meetings, with Microsoft’s top leadership, including the Chief Executive Officer (CEO), Executive Vice Presidents (EVPs), and engineering leaders receiving regular updates. Notably, executive compensation is now directly tied to security performance metrics—an accountability mechanism that has driven measurable improvements in areas such as secret hygiene across code repositories. 

Rather than building fragmented solutions, Microsoft focuses on shared, scalable security capabilities. For example, to maintain a clean build environment, all new build queues will now default to a virtualized setup. Customers will not have the option to revert to the classic Artifact Processor (AP) on their own. Once a build is executed in the virtualized CloudBuild environment, any previously allocated resources in the classic CloudBuild will be either decommissioned or reassigned. 

Finally, durability is now a built-in requirement at development gates. Security fixes must not only remediate current issues but be designed to endure. Teams must assign owners, undergo gated reviews or durability, and build enforcement mechanisms. This philosophy has shifted the mindset from one-time patching to long-term resilience.  

The path to durable security: A maturity framework 

Durable security isn’t just about fixing vulnerabilities—it’s about ensuring security holds over time. As Microsoft learned during the early days of its Secure Future Initiative, lasting protection requires organizations to mature operationally, culturally, and technically. The following framework outlines how to evolve toward security durability at scale: 

1. Stages of security durability maturity: Security durability evolves through distinct operational phases that reflect an organization’s ability to sustain and scale secure outcomes, not just achieve them temporarily. 

• Reactive: Durable outcomes are rare. Fixes are implemented manually and inconsistently. Drift and regressions are common due to a lack of enforcement or oversight. 

• Define: Security fixes are codified in basic processes. Teams may implement fixes, but durability is still dependent on individual vigilance rather than systemic support. 

• Managed: Security controls are embedded in standardized workflows. Durable design patterns are introduced. Baseline drift is measured, and early automation begins to prevent regression. 

• Optimized: Durability becomes part of engineering culture. Secure-by-default templates, guardrails, and metrics reduce variance. Real-time enforcement prevents security drift. 

• Autonomous and predictive: Systems proactively enforce durability. AI-assisted controls detect and self-remediate regressions. Durable security becomes self-sustaining and adaptive to change. 

2. Dimensions of security durability: To embed durability across the enterprise, organizations must mature along five integrated dimensions: 

• Resilience to change: Security controls must remain stable even as infrastructure, tools, and organizational structures evolve. This requires decoupling controls from fragile, manual systems. 

• Scalability: Durable security must scale effortlessly across expanding environments, including new regions, services, and team structures—without introducing regressions. 

• Automation and AI readiness: Durability depends on machine-powered enforcement. Manual reviews alone cannot guarantee persistence. AI and automation provide speed, consistency, and fail-safes. 

• Governance integration: Durability must be wired into governance platforms to provide traceability, accountability, and risk closure across the control lifecycle. 

• Sustainability: Durable security solutions must be lightweight and operationally viable. If controls are too burdensome, teams will circumvent them, undermining long-term resilience. 

3. Key milestones in security durability evolution: Microsoft’s implementation of durable security revealed critical transformation points that signal organizational maturity: 

• Establish durable security baselines (identity hygiene, patching, config hardening).

• Enforce controls through automated policy and self-healing. 

• Build durability-aware platforms like Govern Risk Intelligent Platform (GRIP) to track regressions and closure loops. 

• Embed durability reviews into engineering checkpoints and risk ownership cycles.

• Drive a durability mindset across teams—from development to operations. 

• Create feedback loops to evaluate what holds and what regresses over time. 

• Deploy AI-powered agents to detect drift and initiate remediation. 

Each milestone builds a stronger foundation for durability and aligns incentives with sustained security excellence. 

4. Measuring security durability: Tracking the stickiness of security work requires a shift from traditional risk metrics to durability-focused indicators. Microsoft uses the following to monitor progress: 

• Percentage of controls enforced automatically versus manually 

• Baseline drift rate (how often known-good states erode) 

• Mean time to regress (how quickly fixes unravel)

• Volume of self-healing actions triggered and resolved 

• Percentage of fixes that meet “never regress” criteria 

• Durability metadata coverage in systems like GRIP (ownership, status, and closure) 

• Percentage of engineering teams integrated into durability reporting cadences 

Results: From short-term wins to sustained gains 

By February 2025, the durability push resulted in: 

• 100% multi-factor authentication (MFA) enforcement or legacy protocol removal remained stable for months. 

• Teams use real-time dashboards to catch any KPI dips—addressing them before they spiral. 

Where previous improvements faded, new ones held firm—validating the durability model. 

Lessons for any enterprise 

Microsoft’s journey offers valuable takeaways for organizations of all sizes. 

Durability requires programmatic support 

Security doesn’t persist by accident. It needs: 

• Roles for durability and accountability.

• Durable design patterns. 

• Empowering technologies (automation and policy enforcement). 

• Regular leadership and architect reviews. 

• Standardized workflows. 

Teams across security, development, and operations must be aligned and coordinated—using the same metrics, tools, and gates. 

Culture and leadership matter 

Security must be everyone’s job—and leadership must reinforce that relentlessly. At Microsoft, security became part of performance reviews, executive dashboards, and everyday conversation. 

As EVP Charlie Bell put it: “Security is not just a feature, it’s the foundation.” 

That mindset—combined with consistent leadership pressure—is what transforms short-lived security into long-term resilience. 

Security that endures 

The Secure Future Initiative proves that durable security is achievable—even at hyperscale.  

Microsoft is showing that lasting security can be achieved by investing in: 

• People (clear ownership and champions). 

• Processes (repeatable metrics and reviews). 

• Platforms (shared tooling and automation). 

The playbook isn’t just for tech giants. Any organization—whether you’re securing 20 cloud services or 20,000—can adopt the principles of security durability 

Because in today’s cyberthreat landscape, fixing isn’t enough.  

Secure Future Initiative

A new world of security.

Follow along

Learn more with Microsoft Security

To see an example of the Microsoft Durability Strategy in action, read this case study in the appendix below. Learn more about the Microsoft Security Future Initiative and our Secure by Default principle.  

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

Microsoft
Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

Appendix: 

Security Durability Case Study 

Eliminating pinned certificates: A durable fix for secret hygiene in MSA apps 

SFI Reference: [SFI-ID4.1.3] 
Initiative Owner: Microsoft Account (MSA) Engineering Team 

Overview 

As part of the Secure Future Initiative (SFI), the Microsoft Account (MSA) team addressed a critical weakness identified through Software Security Incident Response Plans (SSIRPs): the unsafe use of pinned certificates. By eliminating this legacy pattern and embedding preventive guardrails, the MSA team set a new bar for durable secrets management and secure partner onboarding. 

The challenge: Pinned certificates and hidden fragility 

Pinned certificates were once seen as a strong trust enforcement mechanism, ensuring that only specific certificates could be used to establish connections. However, they became a security and operational liability: 

• Difficult to rotate: If a pinned certificate expired or was compromised, coordinating a fast and seamless replacement across services was challenging. 

• Onboarding risk: New services had no safe, scalable path to onboard without replicating this fragile pattern. 

• Lack of durability: Without controls, the risk of regression and repeated misuse remained high. 

The durable fix: Secure by default and enforced by design 

The MSA team implemented a durability-first solution grounded in engineering enforcement and operational pragmatism: 

This “fix-once, fix-forever” approach ensures the issue doesn’t resurface—even as new partners onboard or systems evolve. 

Sustained impact and lifecycle integration 

To maintain progress and ensure no regression, the MSA team aligned remediation with each partner’s SFI KPI milestones. Services were removed from the allow list only after completing their transition, closing the loop with full compliance and operational readiness. 

This work reinforced several Security Durability pillars: 

• Preventive guardrails 

• Owner-enforced controls 

• Security built into the engineering lifecycle 

Lessons and model for the future 

This case is a model for how Microsoft is shifting from reactive security work to systemic, enforceable, and scalable durability models. Rather than patching the same issue repeatedly, the MSA team eliminated the root cause, protected the ecosystem, and created a repeatable blueprint for other risky cryptographic practices. 

Key takeaways 

• Eliminating pinned certificates reduced fragility and boosted long-term resilience. 

• Durable controls were enforced via code, not just process. 

• Gradual deprecation through partner alignment ensured no disruption. 

• This sets a precedent for eliminating insecure patterns across Microsoft platforms. 

The post Building security that lasts: Microsoft’s journey towards durability at scale ​​  appeared first on Microsoft Security Blog.