Nation-states and advanced cybercriminals are making significant investments in infrastructure and automation to intensify familiar cyberattack patterns; password attacks, for example, escalated from 579 incidents per second in 2021¹ to 7,000 in 2024.² These groups are also adopting emerging technologies such as AI to create deepfakes and personalized spear-phishing campaigns that manipulate people into granting unauthorized access.

Adopting proactive defensive measures is the only way to get ahead of such determined efforts to compromise identities and gain access to your environment.

Microsoft is strengthening our own defenses through the Secure Future Initiative (SFI), a multiyear commitment to advance the way we design, build, test, and operate Microsoft technology to ensure it meets the highest possible standards for security. One of our first steps was to conduct a full inventory of our environment and do a thorough “spring cleaning,” deleting 730,000 outdated and non-compliant apps and removing 5.75 million unused or outdated Microsoft Entra ID systems from production and test areas.³ As part of this process, we deeply examined identity and network access controls, addressed top risks, implemented standard practices, and improved our incident response.

We learned from talking with our largest customers that many are dealing with the exact same issues; they’re also assessing their environments to surface potential vulnerabilities and strengthen their defenses. Based on these learnings and on the evolving behavior of threat actors, we’ve identified three priorities for enhancing identity and access security measures for 2025:

1. Start secure, stay secure, and prepare for new cyberthreats.
2. Extend Zero Trust access controls to all resources.
3. Use generative AI to tip the scales in favor of defenders.

1. Start secure, stay secure, and prepare for new cyberthreats

Many organizations struggle to eliminate technical and security debt while continuing to add new users, resources, and applications. While more of our customers are implementing basic identity security measures, such as multifactor authentication, they may still not enforce them everywhere. Moreover, basic measures aren’t enough to protect against advanced identity attacks such as token theft⁴ or adversary-in-the-middle phishing.⁵

It’s essential to understand your entire attack surface, identify all potential entry points, and proactively apply access security that closes any gaps.

Traditional security approaches deploy security tools and measures “as needed.” Unfortunately, the additive approach of starting at 100% open and then dialing up defenses leaves holes that bad actors can exploit and use as launching pads for lateral movement. Reactive security isn’t enough to safeguard your environment. Our guidance for 2025 is to always start at the highest level of security (Secure by Default), then dial back as needed for compatibility or other reasons. It’s also critical to protect all identities: employees, contractors, partners, customers, and, most importantly, machine, service, and AI identities.

To encourage Secure by Default practices with customers, Microsoft last year mandated the use of multifactor authentication across the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. To complement security defaults, we started rolling out Microsoft-managed Conditional Access policies for all new tenants to ensure you benefit from baseline risk-based security policies that are pre-configured and turned on by default.⁶ Tenants that retain security defaults experience 80% fewer compromised accounts than unprotected tenants, while compromise rates have fallen by 20.5% for Microsoft Entra ID Premium tenants with Microsoft-managed policies enabled.⁶

Outlined below are practical measures that any security leader can implement to improve hygiene and safeguard identities within their organization:

• Implement multifactor authentication: Prioritize phishing-resistant authentication methods like passkeys, which are considered the most secure option currently available. Require multifactor authentication for all applications, including private and legacy ones. Also consider using high-assurance credentials like digital employee IDs with facial matching for workflows such as new employee onboarding and password resets.
• Employ risk-based Conditional Access policies and continuous access evaluation: Configure strong Conditional Access policies that initiate additional security measures, such as step-up authentication, automatically for high-risk sign-ins. Allow only just-enough access, and ideally just-in-time access, to critical resources. Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.
• Discover and manage shadow IT: Detect unauthorized apps (also known as shadow IT) and tenants, so you can control access to them. Shadow IT often lacks essential security controls that organizations enforce and manage to prevent compromise. Shadow tenants, often created for development and testing, may lack sufficient security policies and controls. Establish standard processes for creating new tenants that are secure by default and then safely retiring them when they’re no longer needed.
• Secure access for non-human identities: Start by taking an inventory of your workload identities. Replace secrets, credentials, certificates, and keys with more secure authentication, such as managed identities for Azure resources. Implement least privilege and just-in-time access coupled with granular Conditional Access policies for workload identities.  

To get started: Explore Microsoft Entra ID capabilities for multifactor authentication, Conditional Access, continuous access evaluation, and Microsoft Entra ID Protection. Confirm that security defaults or Microsoft-managed Conditional Access Policies are enabled on all your tenants and obtain guidance on the phishing-resistant authentication methods available in Microsoft Entra ID, including passkeys. Use Microsoft Defender for Cloud Apps to discover and manage shadow IT in your Microsoft network. Adopt managed identities for Azure and workload identity federation, and strengthen access controls for non-human identities with Microsoft Entra Workload ID.

2. Extend Zero Trust access controls to all resources

It’s essential to have visibility, control, and governance over who and what has access to your environment, what they’re trying to do, and why. The goal is to enable flexible work while protecting against escalating cyberthreats. This requires extending Zero Trust access controls to every resource and entry point, including legacy on-premises applications and services, legacy devices and infrastructure, and any internet destinations. Consider how you can reduce effort and errors using automation, while also making it easier for security teams to share insights and collaborate.

Outlined below are key strategies for extending Zero Trust access controls to all resources.

• Unify your access policy engines across all users, applications, endpoints, and networks to simplify your Zero Trust architecture. Converge access policies for identity security tools and network security tools to eliminate coverage gaps and enforce more robust access controls.
• Extend modern access controls to all apps and internet resources: Use modern network security tools like Secure Access Service Edge to extend strong authentication, Conditional Access, and continuous access evaluation to legacy on-premises apps, shadow IT apps, and any internet destination. Retire your outdated VPN and configure granular per-app access policies to prevent lateral movement inside your network.
• Enforce least privilege access: Automate your identity and access lifecycle to ensure that all users only have necessary access as they join your organization and change jobs, and that their access is revoked as soon as they leave. Use cloud human resources systems as a source of authority in join-move-leave workflows to enforce real-time access changes. Eliminate standing privileges and require just-in-time access for sensitive workloads and data. Regularly review access permissions to help prevent lateral movement in case of a user identity compromise.

To get started: Explore the Microsoft Entra Suite to secure user access and simplify Zero Trust deployments. Use entitlement management and lifecycle workflows to automate identity and access lifecycle processes. Use Microsoft Entra Private Access to replace legacy VPN with modern access controls, and use Microsoft Entra Internet Access to extend Conditional Access and conditional access evaluation to any resource, including shadow IT apps and internet destinations. Use Microsoft Entra Workload ID to secure access for non-human identities.

3. Use generative AI to tip the scales in favor of defenders

Generative AI is indispensable for staying ahead of cyberthreats in 2025. It helps defenders identify policy gaps, detect risks, and automate processes to strengthen security practices and defend against threats. A recent study found that within three months, organizations using Microsoft Security Copilot experienced a 30.13% reduction in average time to resolve security incidents.⁷ For identity teams, the impact is even more pronounced. IT admins using Copilot in the Microsoft Entra admin center spent 45.41% less time troubleshooting sign-ins, and increased accuracy by 46.88%.⁸

Outlined below are opportunities available to transform the daily work of identity professionals with generative AI:

• Enhance risky user investigations: Investigate identity compromises faster with AI-powered recommendations for proactive mitigation and defense. Use natural language conversations to investigate risky users and to gain insights into elevated risk levels and risky sign-ins.
• Troubleshoot sign-ins: Use natural language conversations to uncover root causes of sign-in failures, interruptions, or multifactor authentication prompts. Automate troubleshooting tasks and let AI discover actionable insights across user details, group details, sign-in logs, audit logs, and diagnostic logs.
• Mitigate app risks: Use intuitive prompts to manage and remediate application risks as well as gain detailed insights into permissions, workload identities, and cyberthreats.

At Microsoft Ignite 2024, we announced the preview of Security Copilot embedded directly into the Microsoft Entra admin center that included new skills to empower identity professionals and security analysts. We’re committed to enhancing Security Copilot to help identity and network security professionals collaborate effectively, respond more swiftly, and get ahead of emerging threats. We encourage you to participate in shaping these tools as we develop them.

To get started: Learn more about getting started with Microsoft Security Copilot.

Our commitment to supporting proactive security measures

By investing in proactive measures in 2025, you can significantly improve your security hygiene and operational resilience. To help you strengthen your defenses, we’re committed to innovating ahead of malicious actors, simplifying security to reduce the burden on security teams, and sharing everything we learn from protecting Microsoft and our customers.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹The passwordless future is here for your Microsoft account, Vasu Jakkal. September 15, 2021.

²Microsoft Digital Defense Report 2024.

³Secure Future Initiative: September 2024 Progress Report, Microsoft.

⁴How to break the token theft cyber-attack chain, Alex Weinert. June 20, 2024.

⁵Defeating Adversary-in-the-Middle phishing attacks, Alex Weinert. November 18, 2024.

⁶Automatic Conditional Access policies in Microsoft Entra streamline identity protection, Alex Weinert. November 3, 2023.

⁷Generative AI and Security Operations Center Productivity: Evidence from Live Operations, Microsoft. November 2024.

⁸Randomized Controlled Trials for Security Copilot for IT Administrators, Microsoft. November 2024.

The post 3 priorities for adopting proactive identity and access security in 2025 appeared first on Microsoft Security Blog.

Tech Community Live: Microsoft Security

Ask us anything about simplified, end-to-end, AI-driven protection with Microsoft Security!

Sign up now

AI transformation requires security transformation 

Before Microsoft Ignite officially began, hundreds of security and IT professionals gathered early for the Microsoft Ignite Security Forum to hear from Microsoft Security product leaders about Microsoft’s threat intelligence and AI research, among other security strategy topics. Then on Day 1 of Microsoft Ignite, the event kicked off with an exciting keynote speech that dove into how Microsoft is creating powerful new opportunities across its platforms as the era of AI takes shape—including in security. Microsoft Chairman and Chief Executive Officer (CEO) Satya Nadella kicked off the keynote’s discussion of security innovations by highlighting changes coming to Microsoft Purview.

“In the age of AI, data governance takes on an even more critical, central, important role,” said Nadella.

The keynote ended with Executive Vice President of Microsoft Security Charlie Bell, joined by Corporate Vice President, Microsoft Security Business, Vasu Jakkal. The two gave an overview of today’s security landscape and the innovations Microsoft Security is driving to help defenders rise to its challenges.

“Security is job number one in the age of AI,” said Jakkal, highlighting that one of the most critical use cases of trustworthy AI is supporting security professionals. Microsoft itself recently put generative AI in the hands of its security teams with Microsoft Security Copilot and used generative AI developed in its research labs to identify potentially-exposed credentials that could have been used by cyberthreat actors. These security leaders also shared how securing and governing AI and the data it uses can help empower AI innovation and to help unify and simplify security for all. 

Among the most exciting news was the announcement that Microsoft Security Exposure Management is now generally available. This new innovative solution provides security professionals with a graph-based approach to proactive threat protection. It dynamically creates a comprehensive view of the entire attack surface, allowing the exploration of assets and their changing relationships with login credentials, permissions, and other ways users connect to company data. This enables more thorough assessments of your organization’s security posture and exposure. 

Microsoft also shared the latest report on the Secure Future Initiative (SFI), prioritizing security above all else, establishing leading governance and frameworks to manage threats at scale, and better deterring even the most powerful and well-funded cyberthreat actors in the world. In part, this will be done through minimizing excessive permissions, reducing credential-related risks, and establishing and maintaining comprehensive asset inventories. 

There was also a lot of interest around Microsoft Security Copilot. Nearly 70% of the Fortune 500 already use Microsoft 365 Copilot.¹ The Copilot stack has already begun empowering users to build even more ambitious products, and this trend is likely to continue with the announcement of Azure AI Foundry, which gives organizations the power to design, customize, and manage next-generation AI apps and agents at scale. Microsoft Security Copilot is now embedded in the Microsoft Entra admin center, delivering new identity management capabilities. The solution will also be adding new capabilities across Microsoft Intune, Microsoft Purview, Azure Logic Apps, and across the Microsoft Partner Ecosystem. 

And during the Microsoft Security General Session, entitled Security Innovation to Strengthen Cyber Defense in the Age of AI, speakers Joy Chik, Rob Lefferts, Michael Wallent, Herain Oberoi, and Vasu Jakkal discussed how AI can be used to enhance cyber defense mechanisms by predicting, detecting, and responding to cyberthreats more efficiently. AI-driven cyberthreat detection, for instance, is already helping to identify patterns and anomalies in network traffic. AI can also enhance automated incident responses to further minimize negative effects on organizations. The session also explored potential future trends in AI and its evolving role in cyber defense strategies. 

Join us for the Microsoft Security Ask Microsoft Anything (AMA) series

Now that the news from Ignite is out, Microsoft Security is keeping all the wonderful conversations started throughout the week going with the Tech Community Live: Microsoft Security edition series of AMA sessions. These sessions will be held on Tuesday, December 3, from 7:00 AM to 11:30 AM PT, and will feature Microsoft subject matter experts—all of whom will be prepared to share in-depth content in their areas of expertise and to answer your technical questions. Each session will be streamed for viewers across LinkedIn, X, and YouTube, but if you have a burning question you want the experts to answer, make sure to add the sessions to your calendar to join the discussions live on Tech Community.  

Here’s a quick summary of each AMA session, including when it will be taking place and what will be covered: 

7:00 to 8:00 AM PT: Security Copilot   

We’ll be jumping into Microsoft Security Copilot bright and early. Find out how to respond to cyberthreats quickly and assess risk exposure in minutes. The product team will also be sharing how to help you configure Security Copilot and process signals at machine speed, while saving time for any questions you need answers to.

Take a look at these Ignite sessions that might interest you about Security Copilot:

• Optimize with Security Copilot: Real-world insights and expert advice 
• Transform your security with GenAI innovations in Security Copilot 
• One goal, many roles: Microsoft Security Copilot use cases for all 
• Security Partner Growth: Harness the Power of AI in Security Copilot 

8:00 to 8:30 AM PT: Microsoft Entra Suite  

Next up, you can join our panel of experts ready to field questions about the Microsoft Entra Suite. Whether you want to secure access for your employees and extend Conditional Access across your cloud-native and on-premises apps or want to retire old VPNs and automate your organization’s identity lifecycle workflows, our panel will be ready to share insights, best practices, and how Microsoft identity and network access solutions can help.   

Explore Ignite sessions about Entra Suite:

• Security Innovation to Strengthen Cyber Defense in the Age of AI 
• Secure access for any identity to any resource with Microsoft Entra 
• Secure access for your workforce with the new Microsoft Entra Suite 
• Security Partner Growth: The Power of Identity with Entra Suite 

8:30 to 9:00 AM PT: Microsoft Defender for Cloud  

By mid-morning, we’ll have a panel of experts diving into the latest Microsoft Defender for Cloud recommendations and answering your feature-specific questions.  

Ignite sessions worth checking out for Defender for Cloud:

• Mitigate threats using Microsoft Defender for Cloud 
• Secure Azure services and workloads with Microsoft Defender for Cloud 
• Future-proofing AI-driven migrations with Microsoft Defender for Cloud 

9:00 to 9:30 AM PT: Security Service Edge (SSE) 

Join us to explore Microsoft’s Security Service Edge (SSE) partner ecosystem, where we collaborate with top industry leaders to deliver integrated, identity-centric solutions for enhanced security and seamless connectivity. Ask Microsoft Anything about Global Secure Access, learn how our partnerships are simplifying security and networking, and gain insights related to supporting your hybrid workforce effectively.  

Check out these relevant Ignite sessions and blogs covering SSE:

• Microsoft partners for new SASE ecosystem | Microsoft Community Hub 
• Microsoft and Netskope: Unified, identity-centric security | Microsoft Community Hub 
• Accelerate your Zero Trust Journey: Unify Identity and Network Access

9:30 to 10:30 AM PT: Microsoft Security Exposure Management   

Microsoft Security Exposure Management can help experts responsible for maintaining a strong security posture at their organization gain a unified view of their cyberattack surface, investigate cyberattack paths, manage exposure, and better safeguard critical assets. Learn how to get ahead of cyberattackers in this AMA. 

Must-see Ignite sessions featuring Exposure Management:

• Microsoft Ignite Keynote 
• Security Innovation to Strengthen Cyber Defense in the Age of AI 
• Proactive security with continuous exposure management  

10:30 to 11:30 AM PT: Security for AI  

AI adoption is a popular and important topic this year, so join us to prepare your infrastructure to securely adopt AI, to learn the best ways to protect your AI stack and sensitive data, or if you have your own important AI security questions. Microsoft experts on this panel will help you confidently embrace the age of AI with industry-leading cybersecurity and compliance solutions. 

Ignite sessions you may have missed highlighting Security for AI: 

• Security Innovation to Strengthen Cyber Defense in the Age of AI 
• Secure and govern custom AI built on Azure AI and Copilot Studio 
• Secure and govern data in Microsoft 365 Copilot and beyond 
• Scott and Mark learn responsible AI  

Learn more with Microsoft Security

Whether you were at Ignite or not, this live, interactive Tech Community event is one not to miss. And remember that you can also listen in as part of our cross-platform audience or watch any of the sessions at a later time, on-demand.  

And if you’re curious to learn more about the security news and solutions we shared at Ignite, check out the security session recordings.  

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

¹Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot, Nov 19, 2024

The post ​​Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition​​ appeared first on Microsoft Security Blog.

At Microsoft, we remain steadfast in our commitment to security, which continues to be our top priority. Through our Secure Future Initiative (SFI), we’ve dedicated the equivalent of 34,000 full-time engineers to the effort, making it the largest cybersecurity engineering project in history—driving continuous improvement in our cyber resilience. In our latest update, we share insights into the work we are doing in culture, governance, and cybernorms to promote transparency and better support our customers in this new era of security. For each engineering pillar, we provide details on steps taken to reduce risk and provide guidance so customers can do the same.

Insights gained from SFI help us continue to harden our security posture and product development. At Microsoft Ignite 2024, we are pleased to unveil new security solutions, an industry-leading bug bounty program, and innovations in our AI platform. 

Transforming security with graph-based posture management 

Microsoft’s Security Fellow and Deputy Chief Information Security Office (CISO) John Lambert says, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win,” referring to cyberattackers’ relentless focus on the relationships between things like identities, files, and devices. Exploiting these relationships helps criminals and spies do more extensive damage beyond the point of intrusion. Poor visibility and understanding of relationships and pathways between entities can limit traditional security solutions to defending in siloes, unable to detect or disrupt advanced persistent threats (APTs).

We are excited to announce the general availability of Microsoft Security Exposure Management. This innovative solution dynamically maps changing relationships between critical assets such as devices, data, identities, and other connections. Powered by our security graph, and now with third-party connectors for Rapid 7, ServiceNow, Qualys, and Tenable in preview, Exposure Management provides customers with a comprehensive, dynamic view of their IT assets and potential cyberattack paths. This empowers security teams to be more proactive with an end-to-end exposure management solution. In the constantly evolving cyberthreat landscape, defenders need tools that can quickly identify signal from noise and help prioritize critical tasks.  

Beyond seeing potential cyberattack paths, Exposure Management also helps security and IT teams measure the effectiveness of their cyber hygiene and security initiatives such as zero trust, cloud security, and more. Currently, customers are using Exposure Management in more than 70,000 cloud tenants to proactively protect critical entities and measure their cybersecurity effectiveness.

Announcing $4 million AI and cloud security bug bounty “Zero Day Quest” 

Born out of our Secure Future Initiative commitments and our belief that security is a team sport, we also announced Zero Day Quest, the industry’s largest public security research event. We have a long history of partnering across the industry to mitigate potential issues before they impact our customers, which also helps us build more secure products by default and by design.  

Every year our bug bounty program pays millions for high-quality security research with over $16 million awarded last year. Zero Day Quest will build on this work with an additional $4 million in potential rewards focused on cloud and AI—— which are areas of highest impact to our customers. We are also committed to collaborating with the security community by providing access to our engineers and AI red teams. The quest starts now and will culminate in an in-person hacking event in 2025.

As part of our ongoing commitment to transparency, we will share the details of the critical bugs once they are fixed so the whole industry can learn from them—after all, security is a team sport. 

New advances for securing AI and new skills for Security Copilot 

AI adoption is rapidly outpacing many other technologies in the digital era. Our generative AI solution, Microsoft Security Copilot, continues to be adopted by security teams to boost productivity and effectiveness. Organizations in every industry, including National Australia Bank, Intesa Sanpaolo, Oregon State University, and Eastman are able to perform security tasks faster and more accurately.² A recent study found that three months after adopting Security Copilot, organizations saw a 30% reduction in their mean time to resolve security incidents. More than 100 partners have integrated with Security Copilot to enrich the insights with ecosystem data. New Copilot skills are now available for IT admins in Microsoft Entra and Microsoft Intune, data security and compliance teams in Microsoft Purview, and security operations teams in the Microsoft Defender product family.   

According to our Security for AI team’s new “Accelerate AI transformation with strong security” white paper, we found that over 95% of organizations surveyed are either already using or developing generative AI, or they plan to do so in the future, with two thirds (66%) choosing to develop multiple AI apps of their own. This fast-paced adoption has led to 37 new AI-related bills passed into law worldwide in 2023, reflecting a growing international effort to address the security, safety, compliance, and transparency challenges posed by AI technologies.³ This underscores the criticality of securing and governing the data that fuels AI. Through Microsoft Defender, our customers have discovered and secured more than 750,000 generative AI app instances and Microsoft Purview has audited more than a billion Copilot interactions.⁴  

Microsoft Purview is already helping thousands of organizations, such as Cummins, KPMG, and Auburn University, with their AI transformation by providing data security and compliance capabilities across Microsoft and third-party applications. Now, we’re announcing new capabilities in Microsoft Purview to discover, protect, and govern data in generative AI applications. Available for preview, new capabilities in Purview include Data Loss Prevention (DLP) for Microsoft 365 Copilot, prevention of data oversharing in AI apps, and detection of risky AI use such as malicious intent, prompt injections, and misuse of protected materials. Additionally, Microsoft Purview now includes Data Security Posture Management (DSPM) that gives customers a single pane of glass to proactively discover data risks, such as sensitive data in user prompts, and receive recommended actions and insights for quick responses during incidents. For more details, read the blog on Tech Community. 

Microsoft continues to innovate on our end-to-end security platform to help defenders make the complex simpler, while staying ahead of cyberthreats and enabling their AI transformation. At the same time, we are continuously improving the safety and security of our cloud services and other technologies, including these recent steps to make Windows 11 more secure. 

Next steps with Microsoft Security

From the advances announced to our daily defense of customers, and the steadfast dedication of Chief Executive Officer (CEO) Satya Nadella and every employee, security remains our top priority at Microsoft as we deliver on our principles of secure by design, secure by default, and secure operations. To learn more about our vision for the future of security, tune in to the Microsoft Ignite keynote. 

Microsoft Ignite 2024

Gain insights to keep your organizations safer with an AI-first, end-to-end cybersecurity approach.

Register now

Are you a regular user of Microsoft Security products? Review your experience on Gartner Peer Insights™ and get a $25 gift card. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

¹ Microsoft Digital Defense Report 2024.

² Microsoft customer stories:

• National Australia Bank invests in an efficient, cloud-managed future with Windows 11 Enterprise
• Intesa Sanpaolo accrues big cybersecurity dividends with Microsoft Sentinel, Copilot for Security
• Oregon State University protects vital research and sensitive data with Microsoft Sentinel and Microsoft Defender
• Eastman catalyzes cybersecurity defenses with Copilot for Security

³ How countries around the world are trying to regulate artificial intelligence, Theara Coleman, The Week US. July 4, 2023.

⁴ Earnings Release FY25 Q1, Microsoft. October 30, 2024.

The post AI innovations for a more secure future unveiled at Microsoft Ignite appeared first on Microsoft Security Blog.

A focus on security above all else 

At Microsoft, we recognize our unique responsibility in safeguarding the future for our customers and community. As a result, every individual at Microsoft plays a pivotal role to “prioritize security above all else.” We’ve made significant progress in fostering a security-first culture. Some of the main updates include:  

• To improve governance, we announced the creation of a new Cybersecurity Governance Council and the appointment of Deputy Chief Information Security Officers (Deputy CISOs) for key security functions and all engineering divisions. Led by our CISO Igor Tsyganskiy, the Deputy CISOs form the Cybersecurity Governance Council, and are responsible for the company’s overall cyber risk, defense, and compliance.  

• Security is now a core priority for all employees at Microsoft and will be included in their performance reviews. This will empower every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify an employee’s contributions to SFI and celebrate impact.  

• We launched the Security Skilling Academy, a personalized learning experience of security-specific, curated trainings for all employees worldwide. The academy ensures that no matter the role, employees are equipped to prioritize security in their daily work and identify the direct part they have in securing Microsoft.  

• To ensure accountability and transparency at the highest levels, Microsoft’s senior leadership team reviews SFI progress weekly and updates are provided to Microsoft’s Board of Directors quarterly. Additionally, Microsoft’s senior leadership team now has security performance directly linked to compensation.  

Pillar highlights: A comprehensive approach to cybersecurity 

We’ve also made progress across our six key pillars, each representing a critical area of cybersecurity focus. These pillars guide our ongoing work to raise the bar for security across Microsoft and help us meet the evolving demands of the security landscape. These are the most recent updates across these areas:

1. Protect identities and secrets: We completed updates to Microsoft Entra ID and Microsoft Account (MSA) for our public and United States government clouds to generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service. We have continued to drive broad adoption of our standard identity SDKs, which provide consistent validation of security tokens. This standardized validation now covers more than 73% of tokens issued by Microsoft Entra ID for Microsoft owned applications. We have extended standardized security token logging in our standard identity SDKs to support threat hunting and detections and enabled those in several critical services ahead of broad adoption. We completed enforcement of the use of phishing-resistant credentials in our production environments and implemented video-based user verification for 95% of Microsoft internal users in our productivity environments to eliminate password sharing during setup and recovery.  

2. Protect tenants and isolate production systems: We completed a full iteration of app lifecycle management for all of our production and productivity tenants, eliminating 730,000 unused apps. We eliminated 5.75 million inactive tenants, drastically reducing the potential cyberattack surface. We implemented a new system to streamline the creation of testing and experimentation tenants with secure defaults and strict lifetime management enforced. We have deployed more than 15,000 new production-ready locked-down devices in the last three months.  

3. Protect networks: More than 99% of physical assets on the production network are recorded in a central inventory system, which enriches asset inventory with ownership and firmware compliance tracking. Virtual networks with backend connectivity are isolated from the Microsoft corporate network and subject to complete security reviews to reduce lateral movement. To help customers secure their own deployments, we have expanded platform capabilities such as Admin Rules to ease the network isolation of platform as a service (PaaS) resources such as Azure Storage, SQL, Cosmos DB, and Key Vault. 

4. Protect engineering systems: 85% of our production build pipelines for the commercial cloud are now using centrally governed pipeline templates, making deployments more consistent, efficient, and trustworthy. We have slimmed down the lifespan of Personal Access Tokens to seven days, disabled Secure Shell (SSH) protocol access for all Microsoft internal engineering repos, and significantly reduced the number for elevated roles with access to engineering systems. We also implemented proof of presence checks for critical chokepoints in our software development code flow. 

5. Monitor and detect threats: We have made significant progress enforcing that all Microsoft production infrastructure and services adopt standard libraries for security audit logs, to ensure relevant telemetry is emitted, and retain logs for a minimum of two years. For instance, we have established central management and a two-year retention period for identity infrastructure security audit logs, encompassing all security audit events throughout the lifecycle of current signing keys. Similarly, more than 99% of network devices are now enabled with centralized security log collection and retention. 

6. Accelerate response and remediation: We updated processes across Microsoft to improve time to mitigate for critical cloud vulnerabilities. We began publishing critical cloud vulnerabilities as common vulnerability and exposures (CVEs), even if no customer action is required, to improve transparency. We established the Customer Security Management Office (CSMO) to improve public messaging and customer engagement for security incidents.  

Reaffirming our security commitment 

In security, consistent progress is more important than “perfection” and this is reflected in the scale of resources mobilized to achieve our SFI objectives. The collective work we are doing to continually increase protection, eliminate legacy or noncompliant assets, and identify remaining systems for monitoring conclusively measures our success. As we look ahead, we remain committed to ongoing improvement. SFI will continue to evolve, adapting to new cyberthreats and refining our security practices. Our commitment to transparency and industry collaboration remains unwavering. Earlier in 2024, Microsoft became a major supporter of the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge, reinforcing our dedication to embedding security into every aspect of our products and services. Additionally, we continue to integrate recommendations from the Cyber Safety Review Board (CSRB) to strengthen our cybersecurity approach and enhance resilience. 

The work we’ve done so far is only the beginning. We know that cyberthreats will continue to evolve, and we must evolve with them. By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation. 

SFI Progress Report

Discover the key updates and milestones from the first SFI Progress Report.  

Read the report

​​Learn more

To learn more about Microsoft Security solutions and Microsoft’s Secure Future Initiative, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI) appeared first on Microsoft Security Blog.

Securing multicloud environments is a deeply nuanced task, and many organizations struggle to fully safeguard the many different ways cyberthreat actors can compromise their environment. In our latest report, “2024 State of Multicloud Security Risk,” we analyzed usage patterns across Microsoft Defender for Cloud, Microsoft Security Exposure Management, Microsoft Entra Permissions Management, and Microsoft Purview to identify the top multicloud security risks across Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and beyond. This is the first time Microsoft has released a report sharing key insights across aspects of cloud security, including identity and data. 

This multidimensional analysis is key because it provides deeper visibility into all of the angles cyberattackers can use to breach cloud environments. For example, we found that more than 50% of cloud identities had access to all permissions and resources in 2023. Can you imagine what would happen if even one of these “super identities” were compromised? Looking beyond identity and access, we also discovered significant vulnerabilities in development and runtime environments and within organizations’ data security postures. These threats and more are the driving forces behind Microsoft’s work to advance cybersecurity protections by sharing the latest security intelligence and through programs like the recently expanded Secure Future Initiative, which works to guide Microsoft advancements according to secure by design, secure by default, and secure operations principles.

Read on for our topline insights from the report.

2024 State of Multicloud Security

The new report shares trends and insights to drive an integrated multicloud security strategy.

Read the report

1. Multicloud security demands a proactive, prioritized approach  

Any practitioner who has worked in cloud security can tell you just how challenging it is to analyze, prioritize, and address the hundreds of security alerts they receive every day. Security teams are also responsible for managing all exposed assets and other potential risk vectors. The average multicloud estate has 351 exploitable attack paths that lead to high-value assets, and we discovered more than 6.3 million exposed critical assets among all organizations.  

Cloud security posture management (CSPM) is one solution, but rather than taking a siloed approach, we recommend driving deeper, more contextualized CSPM as part of a cloud-native application protection platform (CNAPP).  

CNAPPs are unified platforms that simplify securing cloud-native applications and infrastructure throughout their lifecycle. Because CNAPPs can unify CSPM with things like multipipeline DevOps security, cloud workload protections, cloud infrastructure entitlement management (CIEM), and cloud service network security (CSNS), they can correlate alerts and eliminate visibility gaps between otherwise disparate tools. This allows security teams to proactively identify, prioritize, and mitigate potential cyberattack paths before they can be exploited. 

2. CNAPP embeds secure best practices throughout the entire application lifecycle

Properly securing cloud-native applications and infrastructure from initial code development to provisioning and runtime is a significant challenge area for many organizations. We found that 65% of code repositories contained source code vulnerabilities in 2023, which remained in the code for 58 days on average. Given that one quarter of high-risk vulnerabilities are exploited within 24 hours of being published, this creates a significant window for threat actors to take advantage and compromise your environment.²

In addition to delivering proactive protection during runtime, CNAPP can act as a shared platform for security teams to work with developers to unify, strengthen, and manage multipipeline DevOps security. And because CNAPP unites multiple cloud security capabilities under a single umbrella, security teams can also enforce full-lifecycle protections from a centralized dashboard. This shifts security left and heads off development risks before they become a problem in runtime.  

3. Organizations need a unified security approach to secure cross-cloud workloads

Multicloud security goes deeper than attack path analysis and strong DevSecOps. Organizations also need to examine how the growing use and variety of cloud workloads impact their exposure to cyberthreats. When cloud workloads span across multiple cloud environments, that creates a more complex threat landscape with additional complexities and dependencies that require proper configuration and monitoring to secure.  

Microsoft’s CNAPP solution, Microsoft Defender for Cloud, has an extended detection and response (XDR) integration that provides richer context to investigations and allows security teams to get the complete picture of an attack across cloud-native resources, devices, and identities. Roughly 6.5% of Defender for Cloud alerts were connected to other domains—such as endpoints, identities, networks, and apps and services—indicating cyberattacks that stretched across multiple cloud products and platforms.  

Rather than using individual point solutions to manage cross-cloud workload threats, organizations need an easy way to centralize and contextualize findings across their various security approaches. A CNAPP delivers that unified visibility. 

4. Securing growing workload identities requires a more nuanced approach

Also central to multicloud security is the idea of identity and access management. In the cloud, security teams must monitor and secure workload identities in addition to user identities. These workload identities are assigned to software workloads, such as apps, microservices, and containers. The growing usage of workload identities creates several challenges. 

For starters, workload identities make up 83% of all cloud identities within Microsoft Entra Permissions Management. When examining the data, we found that 40% of these workload identities are inactive—meaning they have not logged in or used any permissions in at least 90 days. These inactive identities are not monitored the same way as active identities, making them an attractive target for cyberattackers to compromise and use to move laterally. Workload identities can also be manually embedded in code, making it harder to clean them without triggering unintended consequences.  

What’s concerning, though, is the fact that the average organization has three human super identities for every seven workload super identities. These workload super identities have access to all permissions and resources within the multicloud environment, making them an enormous risk vector that must be addressed. And because workload identities are growing significantly faster than human identities, we expect the gap between human and workload super identities to widen rapidly.  

Security teams can address this risk by establishing visibility into all existing super identities and enforcing least privilege access principles over any unused or unnecessary permissions—regardless of the cloud they access. 

5. CIEM drives visibility and control over unused permissions

Speaking of permissions, our report found that more than 51,000 permissions were granted to users and workloads (up from 40,000 in 2022). With more permissions come more access points for cyberattackers.  

A CIEM can be used to drive visibility across the multicloud estate, eliminating the need for standing access for super identities, inactive identities, and unused permissions. Just 2% of human and workload identity permissions were used in 2023, meaning the remaining 98% of unused permissions open organizations up to unnecessary risk.  

By using a CIEM to identify entitlements, organizations can revoke unnecessary permissions and only allow just-enough permissions, just in time. This approach will significantly mitigate potential risks and enhance the overall security posture.  

6. A multilayered data security approach eliminates complexity and limits blind spots

Finally, organizations need a comprehensive data security approach that can help them uncover risks to sensitive data and understand how their users interact with data. It’s also important to protect and prevent unauthorized data use throughout the lifecycle using protection controls like encryption and authentication. 

A siloed solution won’t work, as organizations with 16 or more point solutions experience 2.8 times as many data security incidents as those with fewer tools. Instead, organizations should deploy integrated solutions through a multilayered approach that allows them to combine user and data insights to drive more proactive data security. At Microsoft, we accomplish this through Microsoft Purview—a comprehensive data security, compliance, and governance solution that discovers hidden risks to data wherever it lives or travels, protects and prevents data loss, and investigates and responds to data security incidents. It can also be used to help improve risk and compliance postures and meet regulatory requirements. 

Uncover strategies for mitigating your biggest multicloud risks 

Ultimately, multicloud security has multiple considerations that security teams must account for. It is not a check-the-box endeavor. Rather, security teams must continuously enforce best practices from the earliest stages of development to runtime, identity and access management, and data security. Not only must these best practices be enforced throughout the full cloud lifecycle, but they must also be standardized across all cloud platforms.

In a recent episode of our podcast, Uncovering Hidden Risks, we sat down with Christian Koberg-Pineda, a Principal Security DevOps Engineer at S.A.C.I. Falabella, to dive into his journey toward uncovering the challenges and strategies for safeguarding cloud-native applications across various cloud platforms. In it, he talks about the complexity of securing multiple clouds, including navigating differing configurations, technical implementations, and identity federation.

“One of the most relevant characteristics of cloud computing is that you can scale things on demand. As cloud security expert, you must think in scale too. You need to implement a security tool that is also capable of scaling together with your infrastructure or your services.”

– Christian Koberg-Pineda, Principal Security DevOps Engineer at S.A.C.I. Falabella

For more information on creating a secure multicloud environment, download the full “2024 State of Multicloud Security Risk” report and check out the below resources.  

• Uncovering Hidden Risks Podcast Episode 18: Navigating Multicloud Security Risks, A Customer Story.
• 2024 State of Multicloud Security Risk Report Infographic.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹SANS 2023 Multicloud Survey: Navigating the Complexities of Multiple Cloud,  SANS Institute. 

²1 in 4 high-risk CVEs are exploited within 24 hours of going public, SC Media.

The post 6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy appeared first on Microsoft Security Blog.

Today’s threat landscape is unlike any we’ve seen before. Attacks are growing in speed, scale, and sophistication. In 2015, our identity systems were detecting around 115 password attacks per second. Less than a decade later, that number has surged 3,378% to more than 4,000 password attacks per second.¹ This landscape requires stronger and more comprehensive security approaches than ever before, across all devices and technologies we use in our lives both at home and at work.

Cybersecurity at the forefront of all we do

We’ve always had a longstanding commitment to security in Windows. Several years back, when we saw cyberattackers increasingly exploiting hardware, we introduced the Secured-core PC to help secure from chip to cloud and that critical layer of computing.

As we’ve seen identity-based cyberattacks increase at an alarming rate over the years, we’ve expanded our passwordless offerings quickly and broadly. In September 2023, we announced expanded passkey support with cross-device authentication, and have continued to build on that momentum. Earlier this month we announced passkey support for Microsoft consumer accounts and for device-bound passkeys in the Microsoft Authenticator app for iOS and Android users, expanding our support of this industry initiative backed by the FIDO Alliance. Passkeys on Windows are protected by Windows Hello technology that encompasses both Windows Hello and Windows Hello for Business. This latest step builds on nearly a decade of critical work strengthening Windows Hello to give users easier and more secure sign-in options and eliminate points of vulnerability.

Earlier this month we expanded our Secure Future Initiative (SFI), making it clear that we are prioritizing security above all else. SFI, a commitment we shared first in November 2023, prioritizes designing, building, testing, and operating our technology in a way that helps to ensure secure and trustworthy product and service delivery. With these commitments in mind, we’ve not only built new security features into Windows 11, but we’ve also doubled down on security features that will be turned on by default. Our goal remains simple: make it easy to stay safe with Windows. 

Today we are sharing exciting updates that make Windows more secure out of the box, by design and by default.

Windows 11

Create, collaborate, and keep your stuff protected.

Learn more

Modern, secure hardware

We believe security is a team sport. We are working in close partnership with our Original Equipment Manufacturer (OEM) partners to complement OEM security features and deliver more secure devices out of the box.

While Secured-core PCs were once considered specialized devices for those handling sensitive data, now Windows users can benefit from enhanced security and AI on one device. We announced that all Copilot+ PCs will be Secured-core PCs, bringing advanced security to both commercial and consumer devices. In addition to the layers of protection in Windows 11, Secured-core PCs provide advanced firmware safeguards and dynamic root-of-trust measurement to help protect from chip to cloud. 

Microsoft Pluton security processor will be enabled by default on all Copilot+ PCs. Pluton is a chip-to-cloud security technology—designed by Microsoft and built by silicon partners—with Zero Trust principles at the core. It helps protect credentials, identities, personal data, and encryption keys, making it significantly harder to remove, even if a cyberattacker installs malware or has physical possession of the PC.

All Copilot+ PCs will also ship with Windows Hello Enhanced Sign-in Security (ESS). This provides more secure biometric sign ins and eliminates the need for a password. ESS provides an additional level of security to biometric data by leveraging specialized hardware and software components, such as virtualization-based security (VBS) and Trusted Platform Module 2.0 to help isolate and protect authentication data and secure the channel on which it is communicated. ESS is also available on other compatible Windows 11 devices.

Stay ahead of evolving threats with Windows

To enhance user security from the start, we’re continuously updating security measures and enabling new defaults within Windows.

Windows 11 is designed with layers of security enabled by default, so you can focus on your work, not your security settings. Out-of-the-box features such as credential safeguards, malware shields, and application protection led to a reported 58% drop in security incidents, including a 3.1 times reduction in firmware attacks. In Windows 11, hardware and software work together to help shrink the attack surface, protect system integrity, and shield valuable data.² 

Credential and identity theft is a prime focus of cyberattackers. Enabling multifactor authentication with Windows Hello, Windows Hello for Business, and passkeys are effective multifactor authentication solutions. But, as more people enable multifactor authentication, cyberattackers are moving away from simple password-based attacks and focusing energy on other types of credential theft. We have been working to make this more difficult with our latest updates:

• Local Security Authority protection: Windows has several critical processes to verify a user’s identity, including the Local Security Authority (LSA). LSA authenticates users and verifies Windows sign ins, handling tokens and credentials, such as passwords, that are used for single sign-on to Microsoft accounts and Microsoft Azure services. LSA protection, previously on by default for all new commercial devices, is now also enabled by default for new consumer devices. For users upgrading where it has not previously been enabled, For new consumer devices and for users upgrading where it has not been enabled, LSA protection will enter into a grace period. LSA protection prevents LSA from loading untrusted code and prevents untrusted processes from accessing LSA memory, offering significant protection against credential theft.³ 
• NT LAN Manager (NTLM) deprecation: Ending the use of NTLM has been a huge ask from our security community as it will strengthen authentication. NTLM is being deprecated, meaning that, while supported, it is no longer under active feature development. We are introducing new features and tools to ease customers’ transitions to stronger authentication protocols.
• Advancing key protection in Windows using VBS: Now available in public preview for Windows Insiders, this feature helps to offer a higher security bar than software isolation, with stronger performance compared to hardware-based solutions, since it is powered by the device’s CPU. While hardware-backed keys offer strong levels of protection, VBS is helpful for services with high security, reliability, and performance requirements.
• Windows Hello hardening: With Windows Hello technology being extended to protect passkeys, if you are using a device without built-in biometrics, Windows Hello has been further hardened by default to use VBS to isolate credentials, protecting from admin-level attacks.

We have also prioritized helping users know what apps and drivers can be trusted to better protect people from phishing attacks and malware. Windows is both creating new inbox capabilities as well as providing more features for the Windows app developer community to help strengthen app security.

• Smart App Control: Now available and on by default on select new systems where it can provide an optimal experience, Smart App Control has been enhanced with AI learning. Using an AI model based on the 78 trillion security signals Microsoft collects each day, this feature can predict if an app is safe. The policy keeps common, known-to-be-safe apps running while unknown, malware-connected apps are blocked. This is incredibly effective protection against malware.
• Trusted Signing: Unsigned apps pose significant risks. In fact, Microsoft research has revealed that a lot of malware comes in the form of unsigned apps. The best way to ensure seamless compatibility with Smart App Control is with signing of your app. Signing contributes to its trustworthiness and helps ensure that an existing “good reputation” will be inherited by future app updates, making it less likely to be blocked inadvertently by threat detection systems. Recently moved into public preview, trusted signing makes this process simpler by managing every aspect of the certificate lifecycle. And it integrates with popular development tooling like Azure DevOps and GitHub.
• Win32 app isolation: A new security feature, currently in preview, Win32 app isolation makes it easier for Windows app developers to contain damage and safeguard user privacy choices in the event of an application compromise. Win32 app isolation is built on the foundation of AppContainers, which offer a security boundary, and components that virtualize resources and provide brokered access to other resources—like printer, registry, and file access. Win32 app isolation is close to general availability thanks to feedback from our developer community. App developers can now use Win32 app isolation with seamless Visual Studio integration.
• Making admin users more secure: Most people run as full admins on their devices, which means apps and services have the same access to the kernel and other critical services as users. And the problem is that these apps and services can access critical resources without the user knowing. This is why Windows is being updated to require just in time administrative access to the kernel and other critical services as needed, not all the time, and certainly not by default. This makes it harder for an app to unexpectedly abuse admin privileges and secretly put malware or malicious code on Windows. When this feature is enabled, such as when an app needs special permissions like admin rights, you’ll be asked for approval. When an approval is needed, Windows Hello provides a secure and easy way to approve or deny these requests, giving you, and only you, full control over your device. Currently in private preview, this will be available in public preview soon. 
• VBS enclaves: Previously available to Windows security features only, VBS enclaves are now available to third-party application developers. This software-based trusted executive environment within a host application’s address space offers deep operating system protection of sensitive workloads, like data decryption. Try the VBS enclave APIs to experience how the enclave is shielded from both other system processes and the host application itself. This results in more security for your sensitive workloads.

As we see cyberattackers come up with new strategies and targets, we continue to harden Windows code to address where bad actors are spending their time and energy.

• Windows Protected Print: In late 2023, we launched Windows Protected Print Mode to build a more modern and secure print system that maximizes compatibility and puts users first. This will be the default print mode in the future.
• Tool tips: In the past, tool tips have been exploited, leading to unauthorized access to memory. In older Windows versions, tool tips were managed as a single window for each desktop, established by the kernel and recycled for displaying any tool tip. We are revamping how tool tips work to be more secure for users. With the updated approach, the responsibility for managing the lifecycle of tool tips has been transferred to the respective application that is being used. Now, the kernel monitors cursor activity and initiates countdowns for the display and concealment of tool tip windows. When these countdowns conclude, the kernel notifies the user-level environment to either generate or eliminate a tool tip window.
• TLS server authentication: TLS (transport layer security) server authentication certificates verify the server’s identity to a client and ensure secure connections. While 1024-bit RSA encryption keys were previously supported, advancements in computing power and cryptanalysis require that Windows no longer trust these weak key lengths by default. As a result, TLS certificates with RSA keys less than 2048 bits chaining to roots in the Microsoft Trusted Root Program will not be trusted.

Lastly, with each Windows release we add more levers for commercial customers to lock down Windows within their environment.

• Config Refresh: Config Refresh allows administrators to set a schedule for devices to reapply policy settings without needing to check in to Microsoft Intune or other mobile device management vendors, helping to ensure settings remain as configured by the IT admin. It can be set to refresh every 90 minutes by default or as frequently as every 30 minutes. There is also an option to pause Config Refresh for a configurable period, useful for troubleshooting or maintenance, after which it will automatically resume or can be manually reactivated by an administrator.
• Firewall: The Firewall Configuration Service Provider (CSP) in Windows now enforces an all-or-nothing application of firewall rules from each atomic block of rules. Previously, if the CSP encountered an issue with applying any rule from a block, the CSP would not only stop that rule, but also would cease to process subsequent rules, leaving a potential security gap with partially deployed rule blocks. Now, if any rule in the block cannot be applied successfully to the device, the CSP will stop processing subsequent rule and all rules from that same atomic block will be rolled back, eliminating the ambiguity of partially deployed rule blocks.
• Personal Data Encryption (PDE): PDE enhances security by encrypting data and only decrypting it when the user unlocks their PC using Windows Hello for Business. PDE enables two levels of data protection. Level 1, where data remains encrypted until the PC is first unlocked; or Level 2, where files are encrypted whenever the PC is locked. PDE complements BitLocker’s volume level protection and provides dual-layer encryption for personal or app data when paired with BitLocker. PDE is in preview now and developers can leverage the PDE API to protect their app content, enabling IT admins to manage protection using their mobile device management solution. 
• Zero Trust DNS: Now in private preview, this feature will natively restrict Windows devices to connect only to approved network destinations by domain name. Outbound IPv4 and IPv6 traffic is blocked and won’t reach the intended destination unless a trusted, protected DNS server resolved it, or an IT admin configures an exception. Plan now to avoid blocking issues by configuring apps and services to use the system DNS resolver.

Explore the new Windows 11 security features

We truly believe that security is a team sport. By partnering with OEMs, app developers and others in the ecosystem—along with helping people to be better at protecting themselves—we are delivering a Windows that is more secure by design and secure by default. The Windows Security Book is available to help you learn more about what makes it easy for users to stay secure with Windows.

Learn more about Windows 11.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Password Guidance, Microsoft Identity Protection Team. 2016.

²Windows 11 Survey Report, Techaisle. February 2022.

³Users can manage their LSA protection state in the Windows Security Application under Device Security -> Core Isolation -> Local Security Authority.

The post New Windows 11 features strengthen security to address evolving cyberthreat landscape appeared first on Microsoft Security Blog.

Security is our top priority at Microsoft—above all else—and our expanded Secure Future Initiative underscores our company-wide commitment to making the world a safer place for everyone. I am proud that Microsoft is prioritizing security in the age of AI as we continue to innovate with a security-first mindset. 

Today, new capabilities are now available in Microsoft Defender and Microsoft Purview to help organizations secure and govern generative AI applications at work. These releases deliver purpose-built policy tools and better visibility to help you secure and govern generative AI apps and their data. We are also delivering a new unified experience for the security analyst and integrating Microsoft Copilot for Security across our security product portfolio.  

You’ll be able to see firsthand these innovations and more across the Microsoft Security portfolio at RSA Conference (RSAC). I also hope you will also join me on Tuesday, May 7, 2024, for “Securing AI: What We’ve Learned and What Comes Next,” to explore the strategies that every organization can implement to securely design, deploy, and govern AI.

Secure your AI transformation with Microsoft Security

Wherever your organization is in your AI transformation, you will need comprehensive security controls to secure govern your AI applications and data throughout their lifecycle—development, deployment, and runtime.  

With the new capabilities announced today, Microsoft becomes the first security provider to deliver end-to-end AI security posture management, threat protection, data security, and governance for AI.

Discover new AI attack surfaces, strengthen your AI security posture, and protect AI apps against threats with Microsoft Defender for Cloud. Now security teams can identify their entire AI infrastructure—such as plugins, SDKs, and other AI technologies—with AI security posture management capabilities across platforms like Microsoft Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock. You can continuously identify risks, map attack paths, and use built-in security best practices to prevent direct and indirect attacks on AI applications, from development to runtime.

Integrated with Microsoft Azure AI services, including Microsoft Azure AI Content Safety and Azure OpenAI, Defender for Cloud will continuously monitor AI applications for anomalous activity, correlate findings, and enrich security alerts with supporting evidence. Defender for Cloud is the first cloud-native application protection platform (CNAPP) to deliver threat protection for AI workloads at runtime, providing security operations center (SOC) analysts with new detections that alert to malicious activity and active threats, such as jailbreak attacks, credential theft, and sensitive data leakage. Additionally, SOC analysts will be able facilitate incident response with native integration of these signals into Microsoft Defender XDR.

Identify and mitigate data security and data compliance risks with Microsoft Purview. Give your security teams greater visibility into and understanding of which AI applications are being used and how to help you safeguard your data effectively in the age of AI. The Microsoft Purview AI Hub, now in preview, delivers insights such as sensitive data shared with AI applications, total number of users interacting with AI apps and their associated risk level, and more. To prevent potential oversharing of sensitive data, new insights help organizations identify unlabeled files that Copilot references and prioritize mitigation of oversharing risks. Additionally, we are excited to announce the preview of non-compliant usage insights in the AI Hub to help customers discover potential AI interactions that violate enterprise and regulatory policies in areas like hate and discrimination, corporate sabotage, money laundering, and more.

Govern AI usage to comply with regulatory policies with new AI compliance assessments in Microsoft Purview. We understand how important it is to comply with regulations, and how complicated it can be when deploying new technology. Four new Compliance Manager assessment templates, now in preview, are available to help you assess, implement, and strengthen compliance with AI regulations and standards, including EU AI Act, NIST AI RMF, ISO/IEC 23894:2023, and ISO/IEC 42001. The new assessment insights will also be surfaced within the Purview AI Hub, providing recommended actions to support compliance as you onboard and deploy AI solutions.

Together we can help everyone pursue the benefits of AI, by thoughtfully addressing the new risks. The new capabilities in Microsoft Defender for Cloud and Microsoft Purview, which build on top of the innovations we shared at Microsoft Ignite 2023 and Microsoft Secure 2024, are important advancements in empowering security teams to discover, protect, and govern AI—whether you’re adopting software as a service (SaaS) AI solutions or building your own.

Read more about all of the new capabilities and features that help you secure and govern AI.

Strengthening end-to-end security with a unified security operations platform

We continue investing in our long-standing commitment to providing you with the most complete end-to-end protection for your entire digital estate. There is an immediate need for tool consolidation and AI to gain the speed and scale required to defend against these new digital threats. Microsoft integrates all of the foundational SOC tools—cloud-native security information and event management (SIEM), comprehensive native extended detection and response (XDR), unified security posture management, and generative AI—to deliver true end-to-end threat protection in a single platform, with a common data model, and a unified analyst experience.  

The new unified security operations platform experience, in preview, transforms the real-world analyst experience with a simple, approachable user experience that brings together all the security signals and threat intelligence currently stuck in other tools. Analysts will have more context at every stage, with helpful recommendations and suggestions for automation that make investigation and response easier than ever before. We are also introducing new features across Microsoft Sentinel and Defender XDR, including global search, custom detections, and automation rules.

We are also pleased to announce a number of additional new features and capabilities that will empower your security operations center (SOC) to work across Microsoft security products for stronger end-to-end security.

• Microsoft Security Exposure Management initiatives help your security team identify risky exposures and instances of insufficient implementation of essential security controls, to find opportunities for improvement.
• SOC analysts can now use insider risk information as part of their investigation in Microsoft Defender XDR.
• Microsoft Defender XDR expands to include native operational technology (OT) protection, enabling automatic correlation of OT threat signal into cross-workload incidents and the ability to manage OT and industrial control system vulnerabilities directly within Defender XDR.
• Expanded attack disruption in Microsoft Defender XDR, powered by AI, machine learning, and threat intelligence, will cover new attack scenarios like disabling malicious OAuth apps and will significantly broaden compromised user disruption, such as leaked credentials, stuffing, and guessing.
• Microsoft Sentinel launches SOC Optimizations to provide tailored guidance to help manage costs, increase the value of data ingested, and improve coverage against common attack techniques.

Expanded Microsoft Copilot for Security integrations

When it comes to supporting security teams and relieving complexity, Microsoft Copilot for Security offers a great advantage. Greater integration of Copilot across the Microsoft security portfolio and beyond provides richer embedded experiences and Copilot capabilities from familiar and trusted products. We are proud to announce new Microsoft Copilot for Security integrations, including Purview, new partner plugins, Azure Firewall, and Azure Web Application Firewall. These integrations provide your security teams with real-time guidance, deeper investigative insights, and expanded access to data from across your environment.  

Security for the era of AI

An end-to-end security platform will be a determining factor in every organization’s transformation and will play a critical role in the durability of AI-powered innovation. Organizations that focus on securing AI and invest in using AI to strengthen security will be the lasting leaders in their industries and markets. Microsoft is committed to empowering these industry and market leaders with security solutions that can help them achieve more. We bring together four critical advantages: large-scale data and threat intelligence; the most complete end-to-end platform; industry leading, responsible AI; and tools to help you secure and govern AI.

With the general availability of Copilot for Security, Microsoft has delivered on our promise to put industry-leading generative AI into the hands of IT and security professionals of all levels of experience. Now, with today’s release of new capabilities in Defender for Cloud and Microsoft Purview, we are also delivering on our commitment to empower IT and security teams with the tools they need to take advantage of AI safely, responsibly, and securely.

Lastly and importantly, security is a team sport. We look forward to working together with the industry and our partners on advancing cyber security for all. 

I do hope you’ll connect with us at RSAC this week, where we will be demonstrating our comprehensive security portfolio and how it helps you protect your environment from every angle to prepare for and confidently adopt and deploy AI. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post New capabilities to help you secure your AI transformation appeared first on Microsoft Security Blog.

Since then, the threat landscape has continued to rapidly evolve, and we have learned a lot. The recent findings by the Department of Homeland Security’s Cyber Safety Review Board (CSRB) regarding the Storm-0558 cyberattack from last July, and the Midnight Blizzard attack we reported in January, underscore the severity of the threats facing our company and our customers.

Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more.

We are making security our top priority at Microsoft, above all else—over all other features. We’re expanding the scope of SFI, integrating the recent recommendations from the CSRB as well as our learnings from Midnight Blizzard to ensure that our cybersecurity approach remains robust and adaptive to the evolving threat landscape.

We will mobilize the expanded SFI pillars and goals across Microsoft and this will be a dimension in our hiring decisions. In addition, we will instill accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones.

Below are details to demonstrate the seriousness of our work and commitment.

Expansion of SFI approach and scope

We have evolved our security approach, and going forward our work will be guided by the following three security principles:

1. Secure by design: Security comes first when designing any product or service.
2. Secure by default: Security protections are enabled and enforced by default, require no extra effort, and are not optional.
3. Secure operations: Security controls and monitoring will continuously be improved to meet current and future threats.

We are further expanding our goals and actions aligned to six prioritized security pillars and providing visibility into the details of our execution:

1. Protect identities and secrets

Reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization. As part of this, we are taking the following actions:

• Protect identity infrastructure signing and platform keys with rapid and automatic rotation with hardware storage and protection (for example, hardware security module (HSM) and confidential compute).
• Strengthen identity standards and drive their adoption through use of standard SDKs across 100% of applications.
• Ensure 100% of user accounts are protected with securely managed, phishing-resistant multifactor authentication.
• Ensure 100% of applications are protected with system-managed credentials (for example, Managed Identity and Managed Certificates).
• Ensure 100% of identity tokens are protected with stateful and durable validation.
• Adopt more fine-grained partitioning of identity signing keys and platform keys.
• Ensure identity and public key infrastructure (PKI) systems are ready for a post-quantum cryptography world.

2. Protect tenants and isolate production systems

Protect all Microsoft tenants and production environments using consistent, best-in-class security practices and strict isolation to minimize breadth of impact. As part of this, we are taking the following actions:

• Maintain the security posture and commercial relationships of tenants by removing all unused, aged, or legacy systems.
• Protect 100% of Microsoft, acquired, and employee-created tenants, commerce accounts, and tenant resources to the security best practice baselines.
• Manage 100% of Microsoft Entra ID applications to a high, consistent security bar.
• Eliminate 100% of identity lateral movement pivots between tenants, environments, and clouds.
• 100% of applications and users have continuous least-privilege access enforcement.
• Ensure only secure, managed, healthy devices will be granted access to Microsoft tenants.

3. Protect networks

Protect Microsoft production networks and implement network isolation of Microsoft and customer resources. As part of this, we are taking the following actions:

• Secure 100% of Microsoft production networks and systems connected to the networks by improving isolation, monitoring, inventory, and secure operations.
• Apply network isolation and microsegmentation to 100% of the Microsoft production environments, creating additional layers of defense against attackers.
• Enable customers to easily secure their networks and network isolate resources in the cloud.

4. Protect engineering systems

Protect software assets and continuously improve code security through governance of the software supply chain and engineering systems infrastructure. As part of this, we are taking the following actions:

• Build and maintain inventory for 100% of the software assets used to deploy and operate Microsoft products and services.
• 100% of access to source code and engineering systems infrastructure is secured through Zero Trust and least-privilege access policies.
• 100% of source code that deploys to Microsoft production environments is protected through security best practices.
• Secure development, build, test, and release environments with 100% standardized, governed pipelines and infrastructure isolation.
• Secure the software supply chain to protect Microsoft production environments.

5. Monitor and detect threats

Comprehensive coverage and automatic detection of threats to Microsoft production infrastructure and services. As part of this, we are taking the following actions:

• Maintain a current inventory across 100% of Microsoft production infrastructure and services.
• Retain 100% of security logs for at least two years and make six months of appropriate logs available to customers.
• 100% of security logs are accessible from a central data lake to enable efficient and effective security investigation and threat hunting.
• Automatically detect and respond rapidly to anomalous access, behaviors, and configurations across 100% of Microsoft production infrastructure and services.

6. Accelerate response and remediation

Prevent exploitation of vulnerabilities discovered by external and internal entities, through comprehensive and timely remediation. As part of this, we are taking the following actions:

• Reduce the Time to Mitigate for high-severity cloud security vulnerabilities with accelerated response.
• Increase transparency of mitigated cloud vulnerabilities through the adoption and release of Common Weakness Enumeration™ (CWE™), and Common Platform Enumeration™ (CPE™) industry standards for released high severity Common Vulnerabilities and Exposures (CVE) affecting the cloud.
• Improve the accuracy, effectiveness, transparency, and velocity of public messaging and customer engagement.

These goals directly align to our learnings from the Midnight Blizzard incident as well as all four CSRB recommendations to Microsoft and all 12 recommendations to cloud service providers (CSPs), across the areas of security culture, cybersecurity best practices, auditing logging norms, digital identity standards and guidance, and transparency.

We are delivering on these goals through a new level of coordination with a new operating model that aligns leaders and teams to the six SFI pillars, in order to drive security holistically and break down traditional silos. The pillar leaders are working across engineering Executive Vice Presidents (EVPs) to drive integrated, cross-company engineering execution, doing this work in waves. These engineering waves involve teams across Microsoft Azure, Windows, Microsoft 365, and Security, with additional product teams integrating into the process weekly.

While there is much more to do, we’ve made progress in executing against SFI priorities. For example, we’ve implemented automatic enforcement of multifactor authentication by default across more than one million Microsoft Entra ID tenants within Microsoft, including tenants for development, testing, demos, and production. We have eliminated or reduced application targets by removing 730,000 apps to date across production and corporate tenants that were out-of-lifecycle or not meeting current SFI standards. We have expanded our logging to give customers deeper visibility. And we recently announced a significant shift on our response process: We are now publishing root cause data for Microsoft CVEs using the CWE™ industry standard.

Adhering to standards with paved paths systems

Paved paths are best practices from our learned experiences, drawing upon lessons such as how to optimize productivity of our software development and operations, how to achieve compliance (such as Software Bill of Materials, Sarbanes-Oxley Act, General Data Protection Regulation, and others), and how to eliminate entire categories of vulnerabilities and mitigate related risks. A paved path becomes a standard when adoption significantly improves the developer or operations experience or security, quality, or compliance.

With SFI, we are explicitly defining standards for each of the six security pillars, and adherence to these standards will be measured as objectives and key results (OKRs).

Driving continuous improvement

The Secure Future Initiative empowers all of Microsoft to implement the needed changes to deliver security first. Our company culture is based on a growth mindset that fosters an ethos of continuous improvement. We continually seek feedback and new perspectives to tune our approach and progress. We will take our learnings from security incidents, feed them back into our security standards, and operationalize these learnings as paved paths that can enable secure design and operations at scale.

Instituting new governance

We are also taking major steps to elevate security governance, including several organizational changes and additional oversight, controls, and reporting.

Microsoft is implementing a new security governance framework spearheaded by the Chief Information Security Officer (CISO). This framework introduces a partnership between engineering teams and newly formed Deputy CISOs, collectively responsible for overseeing SFI, managing risks, and reporting progress directly to the Senior Leadership Team. Progress will be reviewed weekly with this executive forum and quarterly with our Board of Directors.

Finally, given the importance of threat intelligence, we are bringing the full breadth of nation-state actor and threat hunting capabilities into the CISO organization.

Instilling a security-first culture

Culture can only be reinforced through our daily behaviors. Security is a team sport and is best realized when organizational boundaries are overcome. The engineering EVPs, in close coordination with SFI pillar leaders, are holding broadscale weekly and monthly operational meetings that include all levels of management and senior individual contributors. These meetings work on detailed execution and continuous improvement of security in context with what we collectively deliver to customers. Through this process of bottom-to-top and end-to-end problem solving, security thinking is ingrained in our daily behaviors.  

Ultimately, Microsoft runs on trust and this trust must be earned and maintained. As a global provider of software, infrastructure, and cloud services, we feel a deep responsibility to do our part to keep the world safe and secure. Our promise is to continually improve and adapt to the evolving needs of cybersecurity. This is job number one for us.

The post Security above all else—expanding Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog.

Two decades of evolution

It’s been 20 years since we introduced the Microsoft Security Development Lifecycle (SDL)—a set of practices and tools that help developers build more secure software, now used industry-wide. Mirroring the culture of Microsoft to uphold security and born out of the Trustworthy Computing initiative, the aim of SDL was—and still is—to embed security and privacy principles into technology from the start and prevent vulnerabilities from reaching customers’ environments.

In 20 years, the goal of SDL hasn’t changed. But the software development and cybersecurity landscape has—a lot.

With cloud computing, Agile methodologies, and continuous integration/continuous delivery (CI/CD) pipeline automation, software is shipped faster and more frequently. The software supply chain has become more complex and vulnerable to cyberattacks. And new technologies like AI and quantum computing pose new challenges and opportunities for security.

SDL is now a critical pillar of the Microsoft Secure Future Initiative, a multi-year commitment that advances the way we design, build, test, and operate our Microsoft Cloud technology to ensure that we deliver solutions meeting the highest possible standard of security.

Next generation of the Microsoft SDL

Learn how we're tackling security challenges.

Read the white paper

Continuous evaluation

Microsoft has been evolving the SDL to what we call “continuous SDL”. In short, Microsoft now measures security state more frequently and throughout the development lifecycle. Why? Because times have changed, products are no longer shipped on an annual or biannual basis. With the cloud and CI/CD practices, services are shipped daily or sometimes multiple times a day.

Data-driven methodology

To achieve scale across Microsoft, we automate measurement with a data-driven methodology when possible. Data is collected from various sources, including code analysis tools like CodeQL. Our compliance engine uses this data to trigger actions when needed.

CodeQL: A static analysis engine used by developers to perform security analysis on code outside of a live environment.

While some SDL controls may never be fully automated, the data-driven methodology helps deliver better security outcomes. In pilot deployments of CodeQL, 92% of action items were addressed and resolved in a timely fashion. We also saw a 77% increase in CodeQL onboarding amongst pilot services.

Transparent, traceable evidence

Software supply chain security has become a top priority due to the rise of high-profile attacks and the increase in dependencies on open-source software. Transparency is particularly important, and Microsoft has pioneered traceability and transparency in the SDL for years. Just as one example, in response to Executive Order 14028, we added a requirement to the SDL to generate software bills of material (SBOMs) for greater transparency.

But we didn’t stop there.

To provide transparency into how fixes happen, we now architect the storage of evidence into our tooling and platforms. Our compliance engine collects and stores data and telemetry as evidence. By doing so, when the engine determines that a compliance requirement has been met, we can point to the data used to make that determination. The output is available through an interconnected “graph”, which links together various signals from developer activity and tooling outputs to create high-fidelity insights. This helps us give customers stronger assurances of our security end-to-end.

Modernized practices

Beyond making the SDL automated, data-driven, and transparent, Microsoft is also focused on modernizing the practices that the SDL is built on to keep up with changing technologies and ensure our products and services are secure by design and by default. In 2023, six new requirements were introduced, six were retired, and 19 received major updates. We’re investing in new threat modeling capabilities, accelerating the adoption of new memory-safe languages, and focusing on securing open-source software and the software supply chain.

We’re committed to providing continued assurance to open-source software security, measuring and monitoring open-source code repositories to ensure vulnerabilities are identified and remediated on a continuous basis. Microsoft is also dedicated to bringing responsible AI into the SDL, incorporating AI into our security tooling to help developers identify and fix vulnerabilities faster. We’ve built new capabilities like the AI Red Team to find and fix vulnerabilities in AI systems.

By introducing modernized practices into the SDL, we can stay ahead of attacker innovation, designing faster defenses that protect against new classes of vulnerabilities.

How can continuous SDL benefit you?

Continuous SDL can help you in several ways:

• Peace of mind: You can continue to trust that Microsoft products and services are secure by design, by default, and in deployment. Microsoft follows the continuous SDL for software development to continuously evaluate and improve its security posture.
• Best practices: You can learn from Microsoft’s best practices and tools to apply them to your own software development. Microsoft shares its SDL guidance and resources with the developer community and contributes to open-source security initiatives.
• Empowerment: You can prepare for the future of security. Microsoft invests in new technologies and capabilities that address emerging threats and opportunities, such as post-quantum cryptography, AI security, and memory-safe languages.

Where can you learn more?

For more details and visual demonstrations on continuous SDL, read the full white paper by SDL pioneers Tony Rice and David Ornstein.

Learn more about the Secure Future Initiative and how Microsoft builds security into everything we design, develop, and deploy.

The post Evolving Microsoft Security Development Lifecycle (SDL): How continuous SDL can help you build more secure software appeared first on Microsoft Security Blog.

Secure Future Initiative

A new world of security.

Learn more

Microsoft’s mission to empower every person and every organization on the planet to achieve more depends on security. We recognize that when Microsoft plays a role in pioneering cutting-edge technology, we also have the responsibility to lead the way in protecting our customers and our own infrastructure from cyberthreats. Against the exponentially increasing pace, scale, and complexity of the security landscape, it’s critical that we evolve to be more dynamic, proactive, and integrated in our security model to continue meeting the changing needs and expectations of our customers and the market. Our rich history in innovation is a testament to our commitment to delivering impactful and trustworthy products and services that that shape industries and transform lives. This legacy continues as we consistently work to set new benchmarks for safeguarding our digital future.

Expanding upon our foundation of built-in security, in November 2023 we launched the Secure Future Initiative (SFI) to directly address the escalating speed, scale, and sophistication of cyberattacks we’re witnessing today. This initiative is an anticipatory strategy reflecting the actions we are taking to “build better and respond better” in security, using automation and AI to scale this work, and strengthen identity protection against highly sophisticated cyberattacks. It’s not about tailoring our defenses to a single cyberattack: SFI underscores the importance of a continually and proactively evolving security model that adapts to the ever-changing digital landscape.

Four months have passed since we introduced SFI, and the achievements in our engineering developments demonstrate the concrete actions we’ve implemented to make sure that Microsoft’s security infrastructure stays strong in a constantly changing digital environment.  Read more below for updates on the initiative.

Transforming software development with automation and AI

As noted in our November 2, 2023 SFI announcement, we’re evolving our security development lifecycle (SDL) to continuous SDL—which we define as applying systematic processes to continuously integrate cybersecurity protection against emerging threat patterns as our engineers code, test, deploy, and operate our systems and service. Read more about continuous SDL here.

As part of our evolution to continuous SDL, we’re deploying CodeQL for code analysis to 100% of our commercial products. CodeQL is a powerful static analysis tool in the software security space. It offers advanced capabilities across numerous programming languages that detect complex security mistakes within source code. While our code repos go through rigorous SDL assessment leveraging traditional tooling, as part of our SFI work we now use CodeQL to cover 86% of our Azure DevOps code repositories from our commercial businesses in our Cloud and AI, enterprise and devices, security and strategic missions, and technology groups. We are expanding this further and anticipate that completing the consolidation process of the last 14% will be a complex, multi-year journey due to specific code repositories and engineering tools requiring additional work. In 2023, we onboarded more than one billion lines of source code to CodeQL, which highlights our commitment toward progress.

As part of efforts to broaden adoption of memory safe languages, we donated USD1 million in December 2023 to the Rust Foundation, an integral partner in stewarding the Rust programming language. Additionally, we’re providing an additional USD3.2 million to the Alpha-Omega project. In partnership with the Open Source Security Foundation (OpenSSF) and co-led with Google and Amazon, Alpha-Omega’s mission is to catalyze security improvements to the most widely deployed open source software projects and ecosystems critical to global infrastructure. Our contribution this year will help expand coverage, more than doubling the number of widely deployed open source projects we analyze, including 100 of the most commonly used open source AI libraries. The Alpha-Omega 2023 Annual Report highlights security and process improvements from last year and strides toward fostering a sustainable culture of security within open source communities.  

Together, our SFI-driven advances in expanding continuous SDL, fostering secure open source updates, and adopting memory safe languages strengthen the foundation of software throughout Microsoft’s own products and platforms, as well as the wider industry.

Strengthening identity protection against highly sophisticated attacks

As part of our SFI engineering advances, we’re enforcing the use of standard identity libraries such as the Microsoft Authentication Library (MSAL) enterprise-wide across Microsoft. This initiative is pivotal in achieving a cohesive and reliable identity verification framework. It facilitates seamless, policy-compliant management of user, device, and service identities across all Microsoft platforms and products, ensuring a fortified and consistent security posture.

Our efforts have already seen noteworthy achievements in several key areas. We’ve reached a major milestone with full integration of MSAL into Microsoft 365 across all four major platforms: Windows, macOS, iOS, and Android marking a significant advancement toward universal standardization. This integration ensures that Microsoft 365 applications are underpinned by a unified authentication mechanism. In the Azure ecosystem, encompassing critical tools such as Microsoft Visual Studio, Azure SDK, and Microsoft Azure CLI, MSAL has been fully adopted, underscoring our commitment to secure and streamlined authentication processes within our development tools. Furthermore, over 99% of internal service-to-service authentication requests, using Microsoft Entra for authorization, now utilize MSAL, highlighting our dedication to boosting security and efficiency in inter-service communications. Ultimately, these milestones further harden identity and authorization across our vast estate, making it increasingly difficult for threats and intruders to move between users and systems.

Looking ahead, we’re setting ambitious objectives to further bolster our security infrastructure. By the end of this year, we aim to fully automate the management of Microsoft Entra ID and Microsoft Account (MSA) keys. This process will include rapid rotation and secure storage of keys within Hardware Security Modules (HSMs), significantly enhancing our security measures. Additionally, we’re on track to ensure that Microsoft’s most widely used applications transition to standard identity libraries by the end of the year. Through these collective efforts we aim to not only enhance security but also improve the user experience and streamline authentication processes across our product suite.

Stay up to date on the latest Secure Future Initiative updates

As we forge ahead with the SFI, Microsoft remains unwavering in its commitment to continuously evolve our security posture and provide transparency in our communications. We’re dedicated to innovating, protecting, and leading in an era where digital threats are constantly changing. The progress we’ve shared today is only a fraction of our comprehensive strategy to safeguard the digital infrastructure and our customers who rely on it.

In the coming months, we will continue to share our progress on enhancing our capabilities, deploying innovative technologies, and strengthening our collaborations to address the complexities of cybersecurity. We’re committed to building a safer, more resilient digital world, with a focus on transparency and safety in every step.

To learn more  about the Microsoft SFI and read more details on our three engineering advances, visit our built-in security site.

Learn more about Microsoft Security solutions and bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Enhancing protection: Updates on Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog.