Security management Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/topic/security-management/
Expert coverage of cybersecurity topics. Feed last updated Tue, 18 Mar 2025 19:34:41 +0000.

How MSRC coordinates vulnerability research and disclosure while building community
http://approjects.co.za/?big=en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/
Thu, 13 Mar 2025 16:00:00 +0000

Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats.

The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on Microsoft Security Blog.

In an era where discovering and rapidly mitigating security vulnerabilities is more important than ever before, the Microsoft Security Response Center (MSRC) is at the center of this work. MSRC focuses on investigating vulnerabilities, coordinating their disclosure, and releasing security updates to help protect customers and Microsoft from current and emerging cyberthreats related to security and privacy. MSRC partners with product teams across Microsoft—as well as external security researchers—to investigate reports of security vulnerabilities affecting Microsoft products and services.

MSRC also fosters the development of a stronger and more effective security researcher community through a variety of initiatives, including the Microsoft bug bounty program, the BlueHat security conference, the MSRC blog, and internal security training for engineers.

Microsoft uses a Coordinated Vulnerability Disclosure (CVD) process that recognizes security researchers while disclosing vulnerabilities in a responsible and timely manner.

Collaboration through bug bounty programs and researcher recognition

Security researchers are incentivized to find vulnerabilities and report them through a Coordinated Vulnerability Disclosure (CVD) process. Some reported vulnerabilities are eligible for rewards as part of Microsoft’s bug bounty programs. These programs are an important part of our proactive strategy of incentivizing the external security research community to partner with us and help protect our customers from security threats. Since their inception in 2013, Microsoft’s bug bounty programs have awarded more than $60 million in bounties to security researchers.

In 2024, we announced expansions to several existing bounty programs, and launched a new Defender Bounty Program and AI Bounty Program. We also expanded our bug bounty programs with Microsoft Zero Day Quest, which adds $4 million in potential bug bounty rewards for research into high-impact areas, specifically cloud and AI. Security researchers who report a vulnerability that isn’t eligible for a bug bounty can still take part in the Microsoft Researcher Recognition Program and be recognized for their work on the Researcher Leaderboard.

Coordinated Vulnerability Disclosure (CVD)

Microsoft follows the CVD principle when partnering with external security researchers to respond to and mitigate vulnerabilities in our products and services. This approach gives researchers recognition for their work, and it gives Microsoft an opportunity to address newly reported vulnerabilities before bad actors can exploit them.

To better protect our products and services, MSRC partners with Microsoft engineering teams to build proactive mitigations using the information provided by both internal and external security researchers. This can significantly reduce or eliminate classes of vulnerabilities.

Many cloud service vulnerabilities are fixed by Microsoft on our servers and don’t require customers to take action to stay secure, but for purposes of transparency we now disclose all critical cloud common vulnerabilities and exposures (CVEs). In cases where Microsoft customers need to act, Microsoft provides clear and timely security guidance.

To help customers accelerate their security response and remediation, Microsoft recently expanded our CVD strategy to include machine-readable Common Security Advisory Framework (CSAF) files that complement our existing CVD data sharing channels. With CSAF files, Microsoft customers now have machine-readable information on known vulnerabilities. This capability is part of our comprehensive strategy for vulnerability disclosure, which includes our Security Updates API and the human-readable vulnerability disclosures provided in the MSRC Security Update Guide.
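As an added example of what a vulnerability-management pipeline does with a machine-readable advisory (this is illustrative code, not MSRC's own tooling), the Python below reads a CSAF 2.0 document, resolves product IDs to names from both tree forms CSAF allows, lists which products each CVE affects and which already carry a vendor fix, and cross-checks the advisory against the product IDs an organization actually runs. The embedded advisory is constructed for the example: the vendor, product names, the `CVE-0000-000x` identifiers and the `example.invalid` URL are placeholders, not a real MSRC CSAF file, and only the CSAF fields the reader walks (`product_tree`, `product_status`, `remediations`) are populated.

```python
"""Read a CSAF 2.0 advisory and answer the two questions a patch pipeline asks:
which products does each CVE affect, and do any of *our* products need action?

The advisory embedded below is constructed for this example (placeholder CVE
identifiers, invented products); it is not a real MSRC CSAF file. Only the CSAF
fields this reader walks (product_tree, product_status, remediations) are set."""
import json

SAMPLE_CSAF = json.dumps({
    "document": {
        "csaf_version": "2.0",
        "title": "Constructed example advisory",
        "tracking": {"id": "EXAMPLE-0001", "status": "final"},
    },
    "product_tree": {
        # Nested branches: vendor -> product_name -> product_version leaves.
        "branches": [
            {"category": "vendor", "name": "ExampleVendor", "branches": [
                {"category": "product_name", "name": "Example Server", "branches": [
                    {"category": "product_version", "name": "2022",
                     "product": {"product_id": "SRV-2022", "name": "Example Server 2022"}},
                    {"category": "product_version", "name": "2025",
                     "product": {"product_id": "SRV-2025", "name": "Example Server 2025"}},
                ]},
            ]},
        ],
        # Flat form; CSAF allows both in one document.
        "full_product_names": [
            {"product_id": "CLOUD-SVC", "name": "Example Cloud Service"},
        ],
    },
    "vulnerabilities": [
        {   # Placeholder identifier, not a real CVE.
            "cve": "CVE-0000-0001",
            "product_status": {"known_affected": ["SRV-2022", "SRV-2025"]},
            "remediations": [{"category": "vendor_fix",
                              "product_ids": ["SRV-2022", "SRV-2025"],
                              "url": "https://example.invalid/update/1"}],
        },
        {   # Cloud service fixed on the vendor side: listed as fixed, no customer action.
            "cve": "CVE-0000-0002",
            "product_status": {"fixed": ["CLOUD-SVC"]},
            "remediations": [{"category": "vendor_fix", "product_ids": ["CLOUD-SVC"],
                              "details": "Fixed in the service; no customer action required."}],
        },
    ],
})


def load_advisory(text):
    """Parse CSAF JSON text (what you would read from the downloaded file)."""
    return json.loads(text)


def index_products(product_tree):
    """Map product_id -> human-readable name from both tree forms."""
    names = {}

    def walk(branch):
        product = branch.get("product")
        if product:
            names[product["product_id"]] = product["name"]
        for child in branch.get("branches", []):
            walk(child)

    for top in product_tree.get("branches", []):
        walk(top)
    for entry in product_tree.get("full_product_names", []):
        names[entry["product_id"]] = entry["name"]
    return names


def fix_urls(vuln, product_ids):
    """vendor_fix remediation URLs that apply to any of product_ids."""
    wanted = set(product_ids)
    return sorted({r["url"] for r in vuln.get("remediations", [])
                   if r.get("category") == "vendor_fix" and r.get("url")
                   and wanted & set(r.get("product_ids", []))})


def summarize(doc):
    """cve -> {affected: [names], fixed: [names], fixes: [urls]} for the advisory."""
    names = index_products(doc.get("product_tree", {}))
    summary = {}
    for vuln in doc.get("vulnerabilities", []):
        status = vuln.get("product_status", {})
        affected = status.get("known_affected", [])
        summary[vuln["cve"]] = {
            "affected": sorted(names.get(pid, pid) for pid in affected),
            "fixed": sorted(names.get(pid, pid) for pid in status.get("fixed", [])),
            "fixes": fix_urls(vuln, affected),
        }
    return summary


def action_required(doc, installed_ids):
    """cve -> [fix urls] for CVEs whose known_affected products we actually run.
    Products listed only under 'fixed' (a cloud service patched by the vendor)
    never trigger action."""
    todo = {}
    for vuln in doc.get("vulnerabilities", []):
        hit = set(vuln.get("product_status", {}).get("known_affected", [])) & set(installed_ids)
        if hit:
            todo[vuln["cve"]] = fix_urls(vuln, hit)
    return todo


if __name__ == "__main__":
    advisory = load_advisory(SAMPLE_CSAF)
    for cve, info in summarize(advisory).items():
        print(cve, info)
    print("action required:", action_required(advisory, {"SRV-2022", "CLOUD-SVC"}))
```

Matching is done on CSAF `product_id` values rather than display names, so an asset inventory has to be mapped to the vendor's IDs once; after that the same advisory can be triaged without string matching. A product that appears under `fixed` but not `known_affected` is deliberately treated as needing no action, which is the case the paragraph above describes for cloud services fixed on Microsoft's side.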

Microsoft Active Protections Program (MAPP)

The Microsoft Active Protections Program (MAPP) gives security technology providers early access to vulnerability information so that they can more rapidly provide updated protections to their customers. More than 100 MAPP partners receive security vulnerability information from the MSRC in advance of Microsoft’s monthly security update release. Partners use this information to provide protections through their security software or devices, such as antivirus software, network-based intrusion detection systems, or host-based intrusion prevention systems.

To learn about the MAPP program, including which types of organizations are eligible to join MAPP, what is required of member organizations, and MAPP program tiers, read the MAPP Frequently Asked Questions.

Release of security updates

Microsoft-managed backend services require no additional customer action to stay secure. In cases where customers must take action to stay secure, we release security updates.

After a vulnerability that requires customers to take action has been fixed in our products, MSRC provides updates. MSRC releases security updates for most Microsoft products on the second Tuesday of each month at 10:00 AM PT and recommends that IT administrators and other customers plan their deployment schedules accordingly.

Cybersecurity education through content and conferences

A key component of MSRC’s work is to provide educational content for the security community. MSRC shares important public updates on vulnerabilities and more on the MSRC blog (you can also subscribe through the MSRC RSS feed). The latest information about security-related deployments, known vulnerabilities, and advisories can be found on the Security Update Guide.

MSRC also works to build a stronger security researcher community by hosting the BlueHat security conference. BlueHat brings together leading researchers and security practitioners, providing a platform to share knowledge and best practices around security. If you missed the latest conference, you can view on-demand presentations from past conferences or listen to the BlueHat Podcast (subscribe here).

Learn more about the Microsoft Security Response Center

To learn more about MSRC, visit us at msrc.microsoft.com. There, you can find detailed information on our programs and access educational resources. You can also learn more about MSRC and Microsoft’s related security initiatives through the following resources:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Women’s History Month: Why different perspectives in cybersecurity and AI matter more than ever before
http://approjects.co.za/?big=en-us/security/blog/2025/03/06/womens-history-month-why-different-perspectives-in-cybersecurity-and-ai-matter-more-than-ever-before/
Thu, 06 Mar 2025 21:00:00 +0000

This Women’s History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers and am grateful to have so many allies who have extended their hands to help guide and shape me to the person I am today.  

Just last week I was in Tokyo for the Japan Security Forum, where Miki Tsusaka, the President of Microsoft Japan, and I had a great conversation during a CyberWomen Asia fireside chat about the importance of women in cybersecurity. Following the chat was a panel discussion with Tsutaki-san, Security leader at Yamaha Motor Corporation, and Debbie Furtado, one of our bright Principal group engineering managers. The event highlighted how our different perspectives and talents are invaluable in driving innovation and progress across various industries. I am proud to be a part of Microsoft Security, which is focused on building and nurturing an inclusive cybersecurity workforce and curating careers, tools, and resources that work for everyone. We recognize that this promotes business growth, strengthens global defenses, and enhances AI safety.

According to the World Economic Forum, gender equality in entrepreneurship drives economic growth and innovation.¹ McKinsey and Company has also observed that closing the gender gap in employment and entrepreneurship could increase global GDP by 20%, and that organizations with 30% or more women on executive teams are 27% more likely to achieve higher profitability.²

For a better future we need everyone on the journey, and this is particularly significant in cybersecurity, where we face a critical shortage of talent and where cyberthreat actors come from diverse backgrounds.


Addressing the skills gap in cybersecurity and AI

There is a significant talent gap in cybersecurity. The 2024 ISC2 Cybersecurity Workforce Study reports a global shortage of 4.7 million skilled workers.³ This worker shortage has been a significant challenge over the past 12 months and is expected to continue for the next two years. To address this growing concern, we must embrace a wide range of perspectives and backgrounds to foster innovation and find more effective solutions to these challenges.

By incorporating individuals with varied perspectives, experiences, and approaches within the cybersecurity workforce, we can enhance problem-solving capabilities and enhance strategic defenses.   

Cybercriminals come from various cultures and backgrounds, bringing different perspectives. Security professionals with varied backgrounds and perspectives can provide creative approaches and unique insights to counter these cyberthreats. Likewise, for AI, having different backgrounds and perspectives helps with AI safety and bias.

Continue to deepen expertise and invite different perspectives

While progress has been made in creating opportunities for women in cybersecurity, significant work remains to remove entry barriers. It is essential to continue our efforts to improve representation in cybersecurity by creating new pathways and gaining support from more allies. I wholeheartedly encourage you to actively contribute to this objective through the many organizations and programs available and by doing the following: 

  • Share the accomplishments of meaningful role models with a wide range of experiences and perspectives. 
  • Adjust job requirements to remove potential biases. 
  • Offer inclusive training that encourages professionals, particularly those in their early careers, and encourage them to advance their skills in cybersecurity. 
  • Volunteer for educational programs that include cybersecurity and AI training. 
  • Reach out to community groups that advocate for mentorship opportunities. 
  • Act as an ally and create opportunities for those interested in cybersecurity careers, such as by encouraging them to participate and speak up and introducing them to peers. 

Security should be for all and we are all in this together. Together, we can enhance the global security workforce and contribute to a promising future.  

Register for our upcoming panel “Harnessing Diversity – Strengthening the Cybersecurity Workforce in the Age of AI” and visit Microsoft’s cybersecurity awareness page for resources and training provided by Microsoft security experts, enabling everyone in your organization to become a cyber defender. Let us all acknowledge the importance of diversity in cybersecurity and its critical role in safeguarding our future and shaping a history we can be proud of. 

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ Advancing gender parity in entrepreneurship: strategies for a more equitable future, World Economic Forum, January 20, 2025.

² Diversity matters even more: The case for holistic impact, McKinsey and Company, December 5, 2023.

³ 2024 ISC2 Cybersecurity Workforce Study, ISC2, October 31, 2024.

Hear from Microsoft Security experts at these top cybersecurity events in 2025
http://approjects.co.za/?big=en-us/security/blog/2025/02/03/hear-from-microsoft-security-experts-at-these-top-cybersecurity-events-in-2025/
Mon, 03 Feb 2025 17:00:00 +0000

Security events offer a valuable opportunity to learn about the latest trends and solutions, evolve your skills for cyberthreats, and meet like-minded security professionals. See where you can meet Microsoft Security in 2025.

Inspiration can spark in an instant when you’re at a conference. Perhaps you discover a new tool during a keynote that could save you hours of time. Or maybe a peer shares a story over coffee that makes you rethink an approach. One conversation, one session, or one event could give you fresh ideas, renewed excitement, and a vision for what to do next.

In the current AI landscape, inspiration and information are more important than ever for security professionals to stay ahead of threat actors. So if you’re looking to boost your skills and stay ahead of the threat landscape, join Microsoft Security at the top cybersecurity events in 2025.

Whether you join us at an industry staple like RSAC or one of our own events like Microsoft Secure, you can benefit in several key ways:

  • Get insights and strategies needed to overcome obstacles and drive your security initiatives forward with confidence.
  • See live demos of the latest products, product features, skills, and tools you can use in your work. Be among the first to hear about Microsoft Security innovations, such as the Secure Future Initiative and XSPA (cross-site port attack) updates that attendees of Microsoft Ignite 2024 heard about.
  • Learn from Microsoft Security experts on global threat intelligence.
  • Network with other like-minded security pros, learn best practices from your peers, and meet one-on-one with our experts.

Whatever your role, there’s an event for you and a path to successfully safeguarding your organization.


Conferences to inspire and engage everyone

Large crowd of people attending Microsoft Ignite in Chicago, November 2024.

Security professionals of all levels can benefit from attending the biggest cybersecurity events of the year: RSAC, Black Hat, and two premier Microsoft events, Microsoft Secure (virtual) and Microsoft Ignite (in-person and virtual). If you love being the first to hear about Microsoft product innovations, don’t miss these Microsoft events; they offer insights every security professional can put to good use.

Microsoft Secure

Date: April 9, 2025
Location: Online only

Learn why AI innovation requires AI security at Microsoft Secure on April 9, 2025. Join Microsoft Security leaders at the one-hour showcase as they dive deep into our AI-first end-to-end security platform, share tangible insights about how to secure your AI investments, and explore demos. This is your opportunity to find solutions that can help your organization protect data, defend against cyberthreats, and stay compliant.

RSAC

Dates: April 27-May 1, 2025
Location: San Francisco, CA


RSAC 2025 is a can’t-miss security conference, bringing together more than 40,000 security professionals to discuss the latest cybersecurity challenges and innovation with the best of the best. With the theme of “Many Voices. One Community,” RSAC will feature keynotes, track sessions, interactive sessions, networking opportunities, and an expo designed to foster advanced security strategies.

Throughout RSAC, Microsoft Security will showcase end-to-end security innovations and share world-class threat and regulatory intelligence. From our signature Pre-Day to hands-on demos and one-on-one meetings, discover how Microsoft Security can give you the advantage you need in the era of AI. Check out the full Microsoft at RSAC experience.

Black Hat

Dates: August 2-7, 2025
Location: Las Vegas, NV

The Black Hat Conference is a premier learning event in the cybersecurity industry, known for its in-depth technical sessions and cutting-edge research presentations on topics like critical infrastructure and information security research news.

Microsoft is a key sponsor of the conference each year, where we showcase our latest discoveries and AI research on real-world problems and solutions. Last year, our AI Red Teaming in Practice training sessions and our AI Summit roundtables were a hit. Black Hat is also known for its security community celebrations, including the Cybersecurity Woman of the Year Awards and the Researcher celebrations, which we take part in every year.

Microsoft Ignite

Dates: November 17-21, 2025
Location: San Francisco, CA, and online

Microsoft Ignite is Microsoft’s biggest annual conference for developers, IT professionals, business leaders, security professionals, and partners. Thousands of security professionals like you attend every year to hear the biggest security product announcements from Microsoft Security and gain training and skilling to prepare for future advancements in AI. Security professionals of all levels can join interactive labs, workshops, keynotes, technical breakout sessions, demos, and more, led by Microsoft Security leaders and experts.

Over the past few years, we’ve really boosted Microsoft Security experiences at Microsoft Ignite. Last year, we hosted the Microsoft Ignite Security Forum for security leaders and two workshops on AI red teaming and Microsoft 365 Copilot deployment. Plus, we hosted more than 30 sessions demoing new features to help you secure your environment, use your favorite Microsoft tools safely and securely, and make sure your organizational processes prioritize security first.

If you attend Microsoft Ignite in person this year, you won’t want to miss our Security Leaders Dinner or the security community party. If you’re not able to attend in person, you can register for our virtual event. Sign up to learn more.

Events for security leaders and decision-makers

A woman presenting during the Microsoft AI Tour.

Microsoft AI Tour

Dates: Through May 30, 2025
Location: Multiple worldwide

The Microsoft AI Tour is a free, one-day event for executives, held in multiple cities around the globe, that explores the ways AI can drive growth and create lasting value. Whether you’re a functional decision-maker who evaluates investments, an IT team member charged with security, or a CISO revamping your security strategy, there will be valuable security content tailored to your needs.

Microsoft Security’s top business leaders attend AI tour locations worldwide to share with you how Microsoft Security Copilot lets you protect at the speed and scale of AI. They are also available to meet with you.

Event location                  Event date
Dubai, United Arab Emirates     February 6, 2025
Singapore, Southeast Asia       February 19, 2025
Tokyo, Japan                    February 26-27, 2025
London, United Kingdom          March 5, 2025
Brussels, Belgium               March 25, 2025
Seoul, South Korea              March 26, 2025
Paris, France                   March 26, 2025
Madrid, Spain                   March 27, 2025
Tokyo, Japan                    March 27, 2025
Beijing, China                  April 23, 2025
Athens, Greece                  May 27-30, 2025

Gartner Security and Risk Management Summit

Dates: June 9-11, 2025
Location: National Harbor, MD

The Gartner Security and Risk Management Summit (Gartner SRM) explores trends in cybersecurity risk management, including the integration of generative AI, being an effective CISO, the importance of balancing response and recovery efforts with prevention, combating misinformation, and closing the cybersecurity skills gap to build a resilient workforce.

Microsoft Security executives host sessions at Gartner SRM to help you ensure the security of AI systems and adopt AI to drive innovation and efficiency. Our most popular topics center around securing and governing AI.

Events for technical and security practitioners

People attending the Microsoft booth at RSAC 2024.

Security teams look for conferences that provide specialized knowledge on the industry in which they work or on a narrow cybersecurity topic.

Legalweek

Dates: March 24-27, 2025
Location: New York, NY


Legalweek is a weeklong conference where approximately 6,000 members of the legal community will gather to network with their peers, explore emerging trends, spotlight the latest tech, and offer a roadmap through industry shifts. Topics explored at past Legalweek conferences include the ethical and regulatory impact of using your data to train AI, litigation in the age of cybersecurity, and maximizing efficiency and legal automation.  

This year, we’ll be sponsoring three sessions on AI and one on collaboration in complex litigation. As in years past, Microsoft is hosting an Executive Breakfast at Legalweek from 7:30 AM ET-8:45 AM ET on Tuesday, March 25, 2025. RSVP today and stop by Booth #3103 in New York Hilton Midtown Americas Hall 2 to learn more about the latest Microsoft Purview innovations. If you’d like to meet with our team while at Legalweek, sign up for a one-on-one meeting.

Identiverse

Dates: June 3-6, 2025
Location: Las Vegas, NV

Limiting access to AI, apps, and resources to those with the proper permissions is a crucial part of security. The Identiverse conference provides education, collaboration, and insight into the future of identity security. More than 2,500 attendees will share insights, develop new ideas, and advance the state of modern digital identity and security.

The event features sessions on best practices, industry trends, and latest technologies; an exhibition hall to showcase the latest identity solution innovations; and networking opportunities. Microsoft will host a booth where attendees can connect with Microsoft Security experts and leaders.

Events for developers

The cybersecurity talent shortage is requiring many to step up even if cybersecurity isn’t in their official job description. If you are an IT professional being tasked with cybersecurity or someone with an eagerness to learn cybersecurity tactics, join our Microsoft events aimed at helping you uplevel your cybersecurity skills.

Microsoft Build

Dates: May 19-22, 2025
Location: Seattle, WA

Security is a team sport, and developers are increasingly the first-string team members who build security into the development of applications. Microsoft Build 2025 is Microsoft’s developer-focused event. It will showcase updates and innovations from Microsoft Security that developers can use to create AI-enabled security solutions for their organizations.

The event includes connection opportunities, demos, and security-focused sessions. Past topics have included using AI to accelerate development processes, tools for enhancing the developer experience, and strategies for building in the cloud. Stay up to date on Microsoft Build news and find out when registration is open.

Find your inspiration at an event this year

Cybersecurity events foster a culture of continuous learning and adaptation, empowering you to stay ahead of emerging cyberthreats and maintain a resilient security posture. The ideas will flow freely at these events. Whether you attend one of the biggest conferences of the year or a smaller event (or both), you’ll be in good company. Microsoft Security will be there, too, excited to share and eager to learn.

Hope to see you at a future event!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

3 priorities for adopting proactive identity and access security in 2025
http://approjects.co.za/?big=en-us/security/blog/2025/01/28/3-priorities-for-adopting-proactive-identity-and-access-security-in-2025/
Tue, 28 Jan 2025 17:00:00 +0000

If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential for 2025 and beyond.

Nation-states and advanced cybercriminals are making significant investments in infrastructure and automation to intensify familiar cyberattack patterns: password attacks, for example, escalated from 579 per second in 2021¹ to 7,000 per second in 2024.² These groups are also adopting emerging technologies such as AI to create deepfakes and personalized spear-phishing campaigns that manipulate people into granting unauthorized access.

Adopting proactive defensive measures is the only way to get ahead of such determined efforts to compromise identities and gain access to your environment.

Microsoft is strengthening our own defenses through the Secure Future Initiative (SFI), a multiyear commitment to advance the way we design, build, test, and operate Microsoft technology to ensure it meets the highest possible standards for security. One of our first steps was to conduct a full inventory of our environment and do a thorough “spring cleaning,” deleting 730,000 outdated and non-compliant apps and removing 5.75 million unused or outdated Microsoft Entra ID systems from production and test areas.³ As part of this process, we deeply examined identity and network access controls, addressed top risks, implemented standard practices, and improved our incident response.

We learned from talking with our largest customers that many are dealing with the exact same issues; they’re also assessing their environments to surface potential vulnerabilities and strengthen their defenses. Based on these learnings and on the evolving behavior of threat actors, we’ve identified three priorities for enhancing identity and access security measures for 2025:

  1. Start secure, stay secure, and prepare for new cyberthreats.
  2. Extend Zero Trust access controls to all resources.
  3. Use generative AI to tip the scales in favor of defenders.

1. Start secure, stay secure, and prepare for new cyberthreats

Many organizations struggle to eliminate technical and security debt while continuing to add new users, resources, and applications. While more of our customers are implementing basic identity security measures, such as multifactor authentication, they may still not enforce them everywhere. Moreover, basic measures aren’t enough to protect against advanced identity attacks such as token theft⁴ or adversary-in-the-middle phishing.⁵

It’s essential to understand your entire attack surface, identify all potential entry points, and proactively apply access security that closes any gaps.

Traditional security approaches deploy security tools and measures “as needed.” Unfortunately, the additive approach of starting at 100% open and then dialing up defenses leaves holes that bad actors can exploit and use as launching pads for lateral movement. Reactive security isn’t enough to safeguard your environment. Our guidance for 2025 is to always start at the highest level of security (Secure by Default), then dial back as needed for compatibility or other reasons. It’s also critical to protect all identities: employees, contractors, partners, customers, and, most importantly, machine, service, and AI identities.


To encourage Secure by Default practices with customers, Microsoft last year mandated the use of multifactor authentication across the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. To complement security defaults, we started rolling out Microsoft-managed Conditional Access policies for all new tenants to ensure you benefit from baseline risk-based security policies that are pre-configured and turned on by default.⁶ Tenants that retain security defaults experience 80% fewer compromised accounts than unprotected tenants, while compromise rates have fallen by 20.5% for Microsoft Entra ID Premium tenants with Microsoft-managed policies enabled.⁶

Outlined below are practical measures that any security leader can implement to improve hygiene and safeguard identities within their organization:

  • Implement multifactor authentication: Prioritize phishing-resistant authentication methods like passkeys, which are considered the most secure option currently available. Require multifactor authentication for all applications, including private and legacy ones. Also consider using high-assurance credentials like digital employee IDs with facial matching for workflows such as new employee onboarding and password resets.
  • Employ risk-based Conditional Access policies and continuous access evaluation: Configure strong Conditional Access policies that initiate additional security measures, such as step-up authentication, automatically for high-risk sign-ins. Allow only just-enough access, and ideally just-in-time access, to critical resources. Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.
  • Discover and manage shadow IT: Detect unauthorized apps (also known as shadow IT) and tenants, so you can control access to them. Shadow IT often lacks essential security controls that organizations enforce and manage to prevent compromise. Shadow tenants, often created for development and testing, may lack sufficient security policies and controls. Establish standard processes for creating new tenants that are secure by default and then safely retiring them when they’re no longer needed.
  • Secure access for non-human identities: Start by taking an inventory of your workload identities. Replace secrets, credentials, certificates, and keys with more secure authentication, such as managed identities for Azure resources. Implement least privilege and just-in-time access coupled with granular Conditional Access policies for workload identities.  

To get started: Explore Microsoft Entra ID capabilities for multifactor authentication, Conditional Access, continuous access evaluation, and Microsoft Entra ID Protection. Confirm that security defaults or Microsoft-managed Conditional Access Policies are enabled on all your tenants and obtain guidance on the phishing-resistant authentication methods available in Microsoft Entra ID, including passkeys. Use Microsoft Defender for Cloud Apps to discover and manage shadow IT in your Microsoft network. Adopt managed identities for Azure and workload identity federation, and strengthen access controls for non-human identities with Microsoft Entra Workload ID.
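As an added check (example code written for this page, not Microsoft's own tooling), the script below audits a Conditional Access policy export against the baseline described above: at least one enforced policy that requires the phishing-resistant authentication strength for all users on all cloud apps, with exclusions kept to break-glass accounts. It assumes the JSON shape Microsoft Graph returns from GET /identity/conditionalAccess/policies; the sample policies are constructed, and the built-in authentication-strength IDs are the documented fixed ones.

```python
"""Audit a Conditional Access policy export for an enforced, tenant-wide
phishing-resistant MFA policy.

Added example, not code from the original post. Input is the JSON shape that
Microsoft Graph returns from GET /identity/conditionalAccess/policies; the
SAMPLE_POLICIES below are constructed, not an export from a real tenant.
"""
import json

# Built-in authentication strength policies (fixed, documented IDs).
STRENGTH_PHISHING_RESISTANT = "00000000-0000-0000-0000-000000000004"
STRENGTH_PASSWORDLESS = "00000000-0000-0000-0000-000000000003"
STRENGTH_MFA = "00000000-0000-0000-0000-000000000002"

ENFORCED = "enabled"
REPORT_ONLY = "enabledForReportingButNotEnforced"


def grant_strength(policy: dict) -> str:
    """Classify what a policy's grant control actually demands."""
    grant = policy.get("grantControls") or {}
    strength_id = (grant.get("authenticationStrength") or {}).get("id")
    if strength_id == STRENGTH_PHISHING_RESISTANT:
        return "phishing-resistant"
    if strength_id == STRENGTH_PASSWORDLESS:
        return "passwordless"
    controls = grant.get("builtInControls") or []
    if strength_id == STRENGTH_MFA or "mfa" in controls:
        return "mfa"  # any registered method, including SMS, voice and push
    if "block" in controls:
        return "block"
    return "none"


def covers_everyone(policy: dict) -> bool:
    """True when the policy targets all users on all cloud apps."""
    cond = policy.get("conditions") or {}
    users = (cond.get("users") or {}).get("includeUsers") or []
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    return "All" in users and "All" in apps


def exclusion_count(policy: dict) -> int:
    users = (policy.get("conditions") or {}).get("users") or {}
    return sum(len(users.get(k) or []) for k in ("excludeUsers", "excludeGroups", "excludeRoles"))


def audit(policies: list[dict]) -> dict:
    """Return {'baseline_met': bool, 'findings': [str, ...]}."""
    findings, baseline_met = [], False
    for p in policies:
        name = p.get("displayName", "<unnamed>")
        state, strength, everyone = p.get("state"), grant_strength(p), covers_everyone(p)
        if state == REPORT_ONLY:
            findings.append(f"{name}: report-only, so it enforces nothing yet")
            continue
        if state != ENFORCED:
            findings.append(f"{name}: disabled")
            continue
        if everyone and strength == "phishing-resistant":
            baseline_met = True
            if exclusion_count(p) > 1:
                findings.append(f"{name}: {exclusion_count(p)} exclusions; limit to break-glass accounts")
        elif everyone and strength == "mfa":
            findings.append(f"{name}: accepts any MFA method; raise to the phishing-resistant authentication strength")
    if not baseline_met:
        findings.append("no enforced policy requires phishing-resistant MFA for all users on all apps")
    return {"baseline_met": baseline_met, "findings": findings}


# Constructed sample export: three policies a tenant might plausibly have.
SAMPLE_POLICIES = [
    {"displayName": "Phishing-resistant MFA for everyone (report-only)",
     "state": REPORT_ONLY,
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR",
                       "authenticationStrength": {"id": STRENGTH_PHISHING_RESISTANT}}},
    {"displayName": "Require MFA for everyone",
     "state": ENFORCED,
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["<break-glass-group-id>"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Admins: phishing-resistant MFA",
     "state": ENFORCED,
     "conditions": {"users": {"includeRoles": ["<privileged-role-template-id>"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR",
                       "authenticationStrength": {"id": STRENGTH_PHISHING_RESISTANT}}},
]

if __name__ == "__main__":
    # For a real tenant, replace SAMPLE_POLICIES with json.load(open("policies.json"))["value"].
    print(json.dumps(audit(SAMPLE_POLICIES), indent=2))
```

Run against the sample, the audit reports three findings and no baseline: the only tenant-wide phishing-resistant policy is report-only, the enforced tenant-wide policy accepts any MFA method, and the admin-scoped policy is fine but does not cover everyone. A report-only policy is the most common source of false confidence here: it logs what would have happened and enforces nothing, which is why the audit treats it as a gap rather than as coverage.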

2. Extend Zero Trust access controls to all resources

It’s essential to have visibility, control, and governance over who and what has access to your environment, what they’re trying to do, and why. The goal is to enable flexible work while protecting against escalating cyberthreats. This requires extending Zero Trust access controls to every resource and entry point, including legacy on-premises applications and services, legacy devices and infrastructure, and any internet destinations. Consider how you can reduce effort and errors using automation, while also making it easier for security teams to share insights and collaborate.

Outlined below are key strategies for extending Zero Trust access controls to all resources.

  • Unify your access policy engines across all users, applications, endpoints, and networks to simplify your Zero Trust architecture. Converge access policies for identity security tools and network security tools to eliminate coverage gaps and enforce more robust access controls.
  • Extend modern access controls to all apps and internet resources: Use modern network security tools like Secure Access Service Edge to extend strong authentication, Conditional Access, and continuous access evaluation to legacy on-premises apps, shadow IT apps, and any internet destination. Retire your outdated VPN and configure granular per-app access policies to prevent lateral movement inside your network.
  • Enforce least privilege access: Automate your identity and access lifecycle to ensure that all users only have necessary access as they join your organization and change jobs, and that their access is revoked as soon as they leave. Use cloud human resources systems as a source of authority in join-move-leave workflows to enforce real-time access changes. Eliminate standing privileges and require just-in-time access for sensitive workloads and data. Regularly review access permissions to help prevent lateral movement in case of a user identity compromise.

To get started: Explore the Microsoft Entra Suite to secure user access and simplify Zero Trust deployments. Use entitlement management and lifecycle workflows to automate identity and access lifecycle processes. Use Microsoft Entra Private Access to replace legacy VPN with modern access controls, and use Microsoft Entra Internet Access to extend Conditional Access and continuous access evaluation to any resource, including shadow IT apps and internet destinations. Use Microsoft Entra Workload ID to secure access for non-human identities.

3. Use generative AI to tip the scales in favor of defenders

Generative AI is indispensable for staying ahead of cyberthreats in 2025. It helps defenders identify policy gaps, detect risks, and automate processes to strengthen security practices and defend against threats. A recent study found that within three months, organizations using Microsoft Security Copilot experienced a 30.13% reduction in average time to resolve security incidents.7 For identity teams, the impact is even more pronounced. IT admins using Copilot in the Microsoft Entra admin center spent 45.41% less time troubleshooting sign-ins, and increased accuracy by 46.88%.8

Outlined below are opportunities available to transform the daily work of identity professionals with generative AI:

  • Enhance risky user investigations: Investigate identity compromises faster with AI-powered recommendations for proactive mitigation and defense. Use natural language conversations to investigate risky users and to gain insights into elevated risk levels and risky sign-ins.
  • Troubleshoot sign-ins: Use natural language conversations to uncover root causes of sign-in failures, interruptions, or multifactor authentication prompts. Automate troubleshooting tasks and let AI discover actionable insights across user details, group details, sign-in logs, audit logs, and diagnostic logs.
  • Mitigate app risks: Use intuitive prompts to manage and remediate application risks as well as gain detailed insights into permissions, workload identities, and cyberthreats.

At Microsoft Ignite 2024, we announced the preview of Security Copilot embedded directly into the Microsoft Entra admin center that included new skills to empower identity professionals and security analysts. We’re committed to enhancing Security Copilot to help identity and network security professionals collaborate effectively, respond more swiftly, and get ahead of emerging threats. We encourage you to participate in shaping these tools as we develop them.

To get started: Learn more about getting started with Microsoft Security Copilot.

Our commitment to supporting proactive security measures

By investing in proactive measures in 2025, you can significantly improve your security hygiene and operational resilience. To help you strengthen your defenses, we’re committed to innovating ahead of malicious actors, simplifying security to reduce the burden on security teams, and sharing everything we learn from protecting Microsoft and our customers.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. The passwordless future is here for your Microsoft account, Vasu Jakkal. September 15, 2021.

2. Microsoft Digital Defense Report 2024.

3. Secure Future Initiative: September 2024 Progress Report, Microsoft.

4. How to break the token theft cyber-attack chain, Alex Weinert. June 20, 2024.

5. Defeating Adversary-in-the-Middle phishing attacks, Alex Weinert. November 18, 2024.

6. Automatic Conditional Access policies in Microsoft Entra streamline identity protection, Alex Weinert. November 3, 2023.

7. Generative AI and Security Operations Center Productivity: Evidence from Live Operations, Microsoft. November 2024.

8. Randomized Controlled Trials for Security Copilot for IT Administrators, Microsoft. November 2024.

The post 3 priorities for adopting proactive identity and access security in 2025 appeared first on Microsoft Security Blog.

]]>
3 takeaways from red teaming 100 generative AI products http://approjects.co.za/?big=en-us/security/blog/2025/01/13/3-takeaways-from-red-teaming-100-generative-ai-products/ Mon, 13 Jan 2025 16:00:00 +0000 Since 2018, Microsoft's AI Red Team has probed generative AI products for critical safety and security vulnerabilities. Read our latest blog for three lessons we've learned along the way.

]]>
Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.”

The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks. Since then, we have expanded the scope and scale of our work significantly. We are one of the first red teams in the industry to cover both security and responsible AI, and red teaming has become a key part of Microsoft’s approach to generative AI product development. Red teaming is the first step in identifying potential harms and is followed by important initiatives at the company to measure, manage, and govern AI risk for our customers. Last year, we also announced PyRIT (The Python Risk Identification Tool for generative AI), an open-source toolkit to help researchers identify vulnerabilities in their own AI systems.

Pie chart: percentage breakdown of products tested by the Microsoft AI red team (AIRT). As of October 2024, we had conducted more than 80 operations covering more than 100 generative AI products.

With a focus on our expanded mission, we have now red-teamed more than 100 generative AI products. The whitepaper we are now releasing provides more detail about our approach to AI red teaming and includes the following highlights:

  • Our AI red team ontology, which we use to model the main components of a cyberattack including adversarial or benign actors, TTPs (Tactics, Techniques, and Procedures), system weaknesses, and downstream impacts. This ontology provides a cohesive way to interpret and disseminate a wide range of safety and security findings.
  • Eight main lessons learned from our experience red teaming more than 100 generative AI products. These lessons are geared towards security professionals looking to identify risks in their own AI systems, and they shed light on how to align red teaming efforts with potential harms in the real world.
  • Five case studies from our operations, which highlight the wide range of vulnerabilities that we look for including traditional security, responsible AI, and psychosocial harms. Each case study demonstrates how our ontology is used to capture the main components of an attack or system vulnerability.

Microsoft AI red team tackles a multitude of scenarios

Over the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well. We focus on vulnerabilities most likely to cause harm in the real world, and our whitepaper shares case studies from our operations that highlight how we have done this in four scenarios including security, responsible AI, dangerous capabilities (such as a model’s ability to generate hazardous content), and psychosocial harms. As a result, we are able to recognize a variety of potential cyberthreats and adapt quickly when confronting new ones.

This mission has given our red team a breadth of experiences to skillfully tackle risks regardless of:

  • System type, including Microsoft Copilot, models embedded in systems, and open-source models.
  • Modality, whether text-to-text, text-to-image, or text-to-video.
  • User type—enterprise user risk, for example, is different from consumer risks and requires a unique red teaming approach. Niche audiences, such as for a specific industry like healthcare, also deserve a nuanced approach. 

Top three takeaways from the whitepaper

AI red teaming is a practice for probing the safety and security of generative AI systems. Put simply, we “break” the technology so that others can build it back stronger. Years of red teaming have given us invaluable insight into the most effective strategies. In reflecting on the eight lessons discussed in the whitepaper, we can distill three top takeaways that business leaders should know.

Takeaway 1: Generative AI systems amplify existing security risks and introduce new ones

The integration of generative AI models into modern applications has introduced novel cyberattack vectors. However, many discussions around AI security overlook existing vulnerabilities. AI red teams should pay attention to cyberattack vectors both old and new.

  • Existing security risks: Application security risks often stem from improper security engineering practices, including outdated dependencies, improper error handling, credentials in source code, a lack of input and output sanitization, and insecure transport encryption. One of the case studies in our whitepaper describes how an outdated FFmpeg component in a video-processing AI application introduced a well-known class of vulnerability, server-side request forgery (SSRF), which could allow an adversary to escalate their system privileges.
Flow chart: the SSRF vulnerability in the video-processing generative AI application from the red team case study.
  • Model-level weaknesses: AI models have expanded the cyberattack surface by introducing new vulnerabilities. Prompt injections, for example, exploit the fact that AI models often struggle to distinguish between system-level instructions and user data. Our whitepaper includes a red teaming case study about how we used prompt injections to trick a vision language model.
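The SSRF case study comes down to an untrusted URL reaching a media tool that will fetch whatever it is given. As an added example (not code from the whitepaper or from the red-teamed product), the Python below implements the general defence a practitioner would apply: vet the URL and every address it resolves to before downloading, pin the vetted address for the download, and then run ffmpeg on the local copy with network protocols disabled, because playlist formats such as HLS can reference further URLs, including internal ones, that a check on the top-level URL never sees. The classic target of an SSRF in a cloud-hosted service is the instance metadata endpoint at 169.254.169.254, which is why link-local addresses are rejected explicitly. The hostnames, addresses and FAKE_DNS table are constructed so the example runs offline; `-protocol_whitelist` and `-nostdin` are real ffmpeg options.

```python
"""Guard the URL a video-processing service hands to a media tool such as ffmpeg.

Added example; not code from the whitepaper or the red-teamed product. The
FAKE_DNS table and all hostnames/addresses are constructed sample data.
"""
import ipaddress
import socket
from typing import Callable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}  # defence in depth; internal addresses are rejected anyway
Resolver = Callable[[str], list[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver; returns every A/AAAA answer, or [] on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def is_internal(addr: str) -> bool:
    """True for loopback, RFC 1918, link-local (incl. the 169.254.169.254 metadata
    endpoint), multicast, reserved and unspecified addresses. IPv4-mapped IPv6
    (::ffff:10.0.0.5) is unwrapped so it cannot smuggle a private IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified)


def validate_media_url(url: str, resolve: Resolver = system_resolver) -> str:
    """Return the vetted IP address to connect to, or raise ValueError.

    The downloader should connect to the returned address (sending the original
    hostname in the Host header / SNI) instead of resolving again; re-resolving
    reopens the DNS rebinding window between check and use."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {parts.port}")
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise ValueError(f"host does not resolve: {host!r}")
    # Every answer must be external: a name mixing a public and a private record
    # is a classic rebinding/SSRF trick, so one bad answer rejects the whole name.
    internal = [a for a in addrs if is_internal(a)]
    if internal:
        raise ValueError(f"{host!r} resolves to internal address(es) {internal}")
    return addrs[0]


def is_safe_media_url(url: str, resolve: Resolver = system_resolver) -> bool:
    try:
        validate_media_url(url, resolve)
        return True
    except ValueError:
        return False


def ffmpeg_argv(local_input: str, output: str) -> list[str]:
    """Command line for processing an already-downloaded file. '-protocol_whitelist
    file' stops ffmpeg from following http/https or other protocol references embedded
    in playlists; '-nostdin' keeps it from blocking on a terminal."""
    return ["ffmpeg", "-nostdin", "-protocol_whitelist", "file",
            "-i", local_input, "-c", "copy", "-f", "mp4", output]


# Constructed resolver table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "cdn.example.com": ["1.2.3.4"],
    "rebind.example.net": ["1.2.3.5", "10.0.0.5"],   # public + private answers
    "meta.example.internal": ["169.254.169.254"],    # cloud metadata endpoint
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://cdn.example.com/clip.mp4", "http://rebind.example.net/live.m3u8",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:10.0.0.5]/a.mp4",
              "file:///etc/passwd", "https://user:pw@cdn.example.com/a.mp4"]:
        print(f"{u:48} -> {'allow' if is_safe_media_url(u, fake_resolver) else 'reject'}")
    print(" ".join(ffmpeg_argv("/tmp/upload-1234.mp4", "/tmp/out.mp4")))
```

The two halves matter together: URL validation alone leaves the playlist-follow hole the case study describes, and restricting ffmpeg's protocols alone still lets the service's own downloader be pointed at internal hosts. Keeping the media tool off the network entirely also means that a future parser bug in it cannot be turned into an SSRF again.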

Red team tip: AI red teams should be attuned to new cyberattack vectors while remaining vigilant for existing security risks. AI security best practices should include basic cyber hygiene.

Takeaway 2: Humans are at the center of improving and securing AI

While automation tools are useful for creating prompts, orchestrating cyberattacks, and scoring responses, red teaming can’t be automated entirely. AI red teaming relies heavily on human expertise.

Humans are important for several reasons, including:

  • Subject matter expertise: LLMs are capable of evaluating whether an AI model response contains hate speech or explicit sexual content, but they’re not as reliable at assessing content in specialized areas like medicine, cybersecurity, and CBRN (chemical, biological, radiological, and nuclear). These areas require subject matter experts who can evaluate content risk for AI red teams.
  • Cultural competence: Modern language models use primarily English training data, performance benchmarks, and safety evaluations. However, as AI models are deployed around the world, it is crucial to design red teaming probes that not only account for linguistic differences but also redefine harms in different political and cultural contexts. These methods can be developed only through the collaborative effort of people with diverse cultural backgrounds and expertise.
  • Emotional intelligence: In some cases, emotional intelligence is required to evaluate the outputs of AI models. One of the case studies in our whitepaper discusses how we are probing for psychosocial harms by investigating how chatbots respond to users in distress. Ultimately, only humans can fully assess the range of interactions that users might have with AI systems in the wild.

Red team tip: Adopt tools like PyRIT to scale up operations but keep humans in the red teaming loop for the greatest success at identifying impactful AI safety and security vulnerabilities.

Takeaway 3: Defense in depth is key for keeping AI systems safe

Numerous mitigations have been developed to address the safety and security risks posed by AI systems. However, it is important to remember that mitigations do not eliminate risk entirely. Ultimately, AI red teaming is a continuous process that should adapt to the rapidly evolving risk landscape and aim to raise the cost of successfully attacking a system as much as possible.

  • Novel harm categories: As AI systems become more sophisticated, they often introduce entirely new harm categories. For example, one of our case studies explains how we probed a state-of-the-art LLM for risky persuasive capabilities. AI red teams must constantly update their practices to anticipate and probe for these novel risks.
  • Economics of cybersecurity: Every system is vulnerable because humans are fallible, and adversaries are persistent. However, you can deter adversaries by raising the cost of attacking a system beyond the value that would be gained. One way to raise the cost of cyberattacks is by using break-fix cycles.1 This involves undertaking multiple rounds of red teaming, measurement, and mitigation—sometimes referred to as “purple teaming”—to strengthen the system to handle a variety of attacks.
  • Government action: Industry action to defend against cyberattackers and failures is one side of the AI safety and security coin. The other side is government action in a way that could deter and discourage these broader failures. Both public and private sectors need to demonstrate commitment and vigilance, ensuring that cyberattackers no longer hold the upper hand and society at large can benefit from AI systems that are inherently safe and secure.

Red team tip: Continually update your practices to account for novel harms, use break-fix cycles to make AI systems as safe and secure as possible, and invest in robust measurement and mitigation techniques.

Advance your AI red teaming expertise

The “Lessons From Red Teaming 100 Generative AI Products” whitepaper includes our AI red team ontology, additional lessons learned, and five case studies from our operations. We hope you will find the paper and the ontology useful in organizing your own AI red teaming exercises and developing further case studies by taking advantage of PyRIT, our open-source automation framework.

Together, the cybersecurity community can refine its approaches and share best practices to effectively address the challenges ahead. Download our red teaming whitepaper to read more about what we’ve learned. As we progress along our own continuous learning journey, we would welcome your feedback and hearing about your own AI red teaming experiences.


¹ Phi-3 Safety Post-Training: Aligning Language Models with a “Break-Fix” Cycle

]]>
Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response http://approjects.co.za/?big=en-us/security/blog/2025/01/06/why-security-teams-rely-on-microsoft-defender-experts-for-xdr-for-managed-detection-and-response/ Mon, 06 Jan 2025 17:00:00 +0000 Microsoft Defender Experts for XDR is a mature and proven service that triages, investigates, and responds to incidents and hunts for threats on a customer’s behalf around the clock. Learn more about why organizations across major industries rely on it.

]]>
The expanding attack surface is creating more opportunities for exploitation and adding to the pressure on security leaders and teams. Increasingly, organizations are investing in managed detection and response services (MDR) to bolster their security operations center (SOC) and meet the challenge. Demand is growing rapidly: according to Frost & Sullivan, the market for MDR is expanding at a rate of 35.2% annually.  

While there are new vendors launching MDR services regularly, many security teams are turning to Microsoft Defender Experts for XDR, a recognized leader, to deliver comprehensive coverage.1 Employed worldwide by organizations across industries, Microsoft’s team of dedicated experts proactively hunts for cyberthreats and triages, investigates, and responds to incidents on a customer’s behalf around the clock across their most critical assets. Our proven service brings together in-house security professionals and industry-leading protection with Microsoft Defender XDR to help security teams rapidly stop cyberthreats and keep their environments secure.2 

Frost & Sullivan names Microsoft Defender Experts for XDR a leader in the Frost Radar™ Managed Detection and Response for 2024.1 

Reduce the staffing burden, improve security coverage, and focus on other priorities

Microsoft Defender Experts for XDR improves operational efficacy greatly while elevating an organization’s security posture to a new level. The team of experts will monitor the environment, find and halt cyberthreats, and help contain incidents faster with human-led response and remediation. With Defender Experts for XDR, organizations will expand their threat protection capabilities, reduce the number of incidents over time, and have more resources to focus on other priorities.

More experts on your side

Scaling in-house security teams remains challenging. Security experts are not only scarce but expensive. The persistent gap in open security positions has widened to 25% since 2022, meaning one in four in-house security analyst positions will remain unfilled.3 In the Forrester Consulting New Technology Project Total Economic Impact study, without Defender Experts for XDR, the in-house team size for the composite organization would need to increase by up to 30% in the mid-impact scenario or 40% in the high-impact scenario in year one to provide the same level of threat detection service.4 Given the lack of available security talent, growing an in-house team by 40% poses significant concerns for CISOs: existing team members won’t be able to perform all the tasks required, and many will be overworked, which may lead to burnout.

With more than 34,000 full-time equivalent security engineers, Microsoft is one of the largest security companies in the world. Microsoft Defender Experts for XDR reinforces your security team with Microsoft security professionals to help reduce talent gap concerns. In addition to the team of experts, customers have additional Microsoft security resources to help with onboarding, recommendations, and strategic insights.

“Microsoft has the assets and people I needed. All the technologies, Microsoft Azure, and a full software stack end-to-end, all combined together with the fabric of security. Microsoft [Defender Experts for XDR] has the people and the ability to hire and train those people with the utmost skill set to deal with the issues we face.”

—Head of Cybersecurity Response Architecture, financial services industry

Accelerate and expand protection against today’s cyberthreats

Microsoft Defender Experts for XDR deploys quickly. That’s welcome news to organizations concerned about maturing their security program and can’t wait for new staffing and capabilities to be developed in-house. Customers can quickly leverage the deep expertise of the Microsoft Defender Experts for XDR team to tackle the increasing number of sophisticated threats. 

CISOs and security teams know that phishing attacks continue to rise because cybercriminals are finding success. Email remains the most common phishing vector: 91% of all cyberattacks begin with a phishing email. Phishing is also the primary delivery method for ransomware, accounting for 45% of all ransomware attacks. Financial institutions are the most-targeted sector, at 27.7%, with the remainder spread across nearly every other industry.5

According to internal Microsoft Defender Experts for XDR statistics, roughly 40% of halted threats are phishing.

Microsoft Defender Experts for XDR is a managed extended detection and response (MXDR) service. MXDR is an evolution of traditional MDR services, which primarily focus on endpoints. Our MXDR service covers endpoints, email and productivity tools, identities, and cloud apps, ensuring the detection and disruption of many cyberthreats, such as phishing, that endpoint-only managed services would not cover. That expanded and consolidated coverage enables Microsoft Defender Experts for XDR to find even the most emergent threats. For example, our in-house team identified and disrupted a significant Octo Tempest operation that was working across previously siloed domains.

The reduction in the likelihood of breaches with Microsoft Defender Experts for XDR is roughly 20% and is worth $261,000 to $522,000 over three years with Defender Experts.4

In addition to detecting, triaging, and responding to cyberthreats, Microsoft Defender Experts for XDR publishes insights to keep organizations secure, including recent blogs on file hosting services abuse and phishing abuse of remote monitoring and management tools. The service also vetted roughly 45 indicators related to adversary-in-the-middle, password spray, and multifactor authentication fatigue attacks and added them to Spectre to help keep organizations secure.

From September 2024 through November 2024, Microsoft Security published multiple cyberthreat articles covering real-world attack tooling and campaigns such as Roadtools, AzureHound, fake Palo Alto GlobalProtect, AsyncRAT via ScreenConnect, the Specula C2 framework, the SectopRAT campaign, and Selenium Grid abused for cryptomining.

“The Microsoft MXDR service, Microsoft Defender Experts for XDR, is helping our SOC team around the clock and taking our security posture to the next level. On our second day of using the service, there was an alert we had previously dismissed, but Microsoft continued the investigation and identified a machine in our environment that was open to the internet. It was created by a threat actor using a remote desktop protocol (RDP). Microsoft Defender Experts for XDR’s MXDR investigation and response to remediate the issue was immediately valuable to us.”

—Director of Security Operations, financial services industry

Halt cyberthreats before they do damage

In 2024 the mean time for the average organization to identify a breach was 194 days, and the mean time to contain it was 64 days.6 Organizations must proactively look for cyberattackers across unified cross-domain telemetry rather than relying solely on disparate product alerts. Proactive threat hunting is no longer a nice-to-have in an organization’s security practice. It’s a must-have to detect cyberthreats faster, before they can do significant harm.

When every minute counts, Microsoft Defender Experts for XDR can help speed up the detection of an intrusion with proactive threat hunting informed by Microsoft’s threat intelligence, which tracks more than 1,500 unique cyberthreat groups and correlates insights from 78 trillion security signals per day.7

Microsoft Defender Experts for Hunting proactively looks for threats around the clock across endpoints, email, identity, and cloud apps using Microsoft Defender and other signals. Threat hunting leverages advanced AI and human expertise to probe deeper and rapidly correlate and expose cyberthreats across an organization’s security stack. With visibility across diverse, cross-domain telemetry and threat intelligence, Microsoft Defender Experts for Hunting extends in-house threat hunting capabilities to provide an additional layer of threat detection to improve a SOC’s overall threat response and security efficacy.

In a recent survey, 63% of organizations saw a measurable improvement in their security posture with threat hunting. 49% saw a reduction in network and endpoint attacks along with more accurate threat detection and a reduction of false positives.8

Microsoft Defender Experts for Hunting enables organizations to detect and mitigate cyberthreats such as advanced persistent threats or zero-day vulnerabilities. By actively seeking out hidden risks and reducing dwell time, threat hunting minimizes potential damage, enhances incident response, and strengthens overall security posture.

Microsoft Defender Experts for XDR, which includes Microsoft Defender Experts for Hunting, allows customers to stay ahead of sophisticated threat actors, uncover gaps in defenses, and adapt to an ever-evolving cyberthreat landscape.

“Managed threat hunting services detect and address security threats before they become major incidents, reducing potential damage. By implementing this (Defender Experts for Hunting), we enhance our cybersecurity posture by having experts who continuously look for hidden threats, ensuring the safety of our data, reputation, and customer trust.”

—CISO, technology industry

Spend less to get more

Microsoft Defender Experts for XDR helps CISOs do more with their security budgets. According to a 2024 Forrester Total Economic Impact™ study, Microsoft Defender Experts for XDR generated a projected return on investment (ROI) of up to 254% with a projected net present value of up to $6.1 million for the profiled composite company.4

Microsoft Defender Experts for XDR includes trusted advisors who provide insights on operationalizing Microsoft Defender XDR for optimal security efficacy. This helps reduce the burden on in-house security and IT teams so they can focus on other projects.

Beyond lowering security operations costs, the Forrester study noted Microsoft Defender Experts for XDR efficiency gains for surveyed customers, including a 49% decrease in security-related IT help desk tickets. Other productivity gains included freeing up 42% of available full time employee hours and lowering general IT security-related project hours by 20%.4

Learn how Microsoft Defender Experts for XDR can improve organizational security

Microsoft Defender Experts for XDR is Microsoft’s MXDR service. It delivers round-the-clock threat detection, investigation, and response capabilities, along with proactive threat hunting. Designed to help close the security talent gap and enhance organizational security postures, the MXDR service combines Microsoft’s advanced Microsoft Defender XDR capabilities with dedicated security experts to tackle cyberthreats like phishing, ransomware, and zero-day vulnerabilities. Offering rapid deployment, significant ROI (254%, as per Forrester), and operational efficiencies, Microsoft Defender Experts for XDR reduces incident and alerts volume, improves the security posture, and frees up in-house resources. Organizations worldwide benefit from these scalable solutions, leveraging Microsoft’s threat intelligence and security expertise to stay ahead of evolving cyberthreats.

To learn more, please visit Microsoft Defender Experts for XDR or contact your Microsoft security representative.


1. Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024, Srikanth Shoroff. March 25, 2024.

2. Microsoft a Leader in the Forrester Wave for XDR, Microsoft Security Blog. June 3, 2024.

3. ISC2 Cybersecurity Workforce Report, 2024.

4. Forrester Consulting study commissioned by Microsoft, 2024, New Technology: The Projected Total Economic Impact™ of Microsoft Defender Experts For XDR.

5. 2024 Phishing Facts and Statistics, Identitytheft.org.

6. Time to identify and contain data breaches global 2024, Statista.

7. Microsoft Digital Defense Report, 2024.

8. SANS 2024 Threat Hunting Survey, March 19, 2024.

Foundry study highlights the benefits of a unified security platform in new e-book http://approjects.co.za/?big=en-us/security/blog/2024/12/18/foundry-study-highlights-the-benefits-of-a-unified-security-platform-in-new-e-book/ Wed, 18 Dec 2024 17:00:00 +0000 Microsoft commissioned Foundry to conduct a study to understand the current state of threat protection. Read the new e-book for research-driven insights into a unified security platform.

Microsoft observes more than 600 million ransomware, phishing, and identity attacks each day.¹ One major theme from our analysis of these attacks is clear—organizations with integrated tools have better visibility and more holistic defense than those using a broader portfolio of point solutions. Microsoft wanted to test this observation outside of its own telemetry, so it commissioned Foundry to survey senior-level IT decision makers with a primary role in security management at organizations with 500 or more employees to see what they’re experiencing.

The results are in, and they might be surprising. Of the study’s 156 respondents, those whose companies have implemented greater quantities of security solutions are experiencing a higher average number of security incidents—15.3 incidents versus 10.5 incidents for organizations with fewer security tools. That’s more than a 31% increase in self-reported incidents. You can read up on the full results in the e-book The unified security platform era is here.

This reinforces the observations Microsoft made based on its own telemetry. The security teams we see that prioritize deploying a diverse portfolio of “category leaders” often have overlapping policies and controls that create weak points. The silos created by separate solutions also make it hard to coordinate an effective defense before breaches happen, uncover the true scope of incidents, or respond quickly.


Why consolidated security wins

The initial stages of cyberattacks remain fairly consistent year over year—with brute force identity attacks, phishing and social engineering, and internet-exposed vulnerabilities continuing to be the most common. Threat actors are still largely using opportunity-based tactics for these first few steps. It’s only once someone’s credentials are obtained by bad actors that they begin taking more targeted action against a company’s infrastructure. When they do this, the would-be cyberattackers often conduct significant reconnaissance, demonstrating a tremendous understanding of the enterprise environment by targeting the seams between security solutions and taking advantage of technical debt. Examples of this could include a test app from an untracked satellite tenant that doesn’t enforce multifactor authentication, devices infected with malware, or legacy authentication protocols.

Graphs showing that on average, enterprises use around 14 different security tools. Forty-seven percent of enterprises noted the number of security tools their organizations have adopted in the past year has remained the same, with thirty-five percent of enterprises noting an increase in the number of security tools adopted in the past year, and eighteen percent noting a decrease in the number of security tools their organizations have adopted in the past year.

Diverse tool portfolios are very likely to lack the integration and signal sharing required to help security teams to understand how, or even if, cyberattackers are exploiting their infrastructure. As a result, cyberattackers have more seams they can exploit, they can remain undetected longer, and security teams will have a harder time ensuring they’ve fully removed the attackers’ access.

While there will never be a single comprehensive security tool, organizations that streamline their security stacks by adopting a security platform that integrates controls, policies, and signals will have a more resilient and comprehensively protected environment that can respond to cyberthreats more effectively. The research done by Foundry and Microsoft shows how this unified security approach helps security teams act more efficiently, reduce core metrics like mean time to repair and mean time to acknowledge, and improve their overall security posture. By eliminating many of the potential seams between standalone solutions, these companies were able to prevent, detect, and respond to many more security threats as they emerged.

A streamlined, unified security approach like the Microsoft unified security operations platform, which provides its users with a consistent data model and reduced silos, can also generate better results from automation and AI—both of which are powerful tools that help security operations (SecOps) teams close critical security gaps through improved exposure management, resiliency, and incident detection and response. Equally, SecOps teams that gain a single, centralized, and contextualized view of their company’s cyberthreat exposure are better able to measure and improve their security posture. By gaining the visibility and tools to conduct this kind of exposure management, these teams are able to shift from traditional, reactive detection and response-based security postures to more proactive postures that prioritize exposure-mitigating actions across devices, identities, applications, data, and their multicloud infrastructure.

Unified security means fewer cyberattacks and improved posture

The two biggest reported challenges facing respondents who were looking to improve their security posture were the complexity of their current environment and poor visibility across their security landscape. In fact, these challenges have become so universally apparent to the Foundry study’s survey participants that 91% of respondents operating a best-of-breed security approach are prioritizing vendor consolidation in the next 12 months. The same is true of 79% of respondents using 10 or more security tools. This strategy helps shift toward a more proactive security posture, and the Foundry study shows that it can also have a dramatically positive effect on the average number of security incidents a company faces.  

Bar chart showing the biggest challenges to achieving a successful security posture.

As 2024 has shown, keeping software up to date and installing strong security measures isn’t enough. It is nearly impossible for any organization to “out-patch” threat actors. Everyone needs to shift away from working through lists of vulnerabilities and to focus more on thinking like a cyberattacker—viewing vulnerabilities not as a list, but as elements that could be chained together to breach our environments in order to reach critical assets.

This is made much more difficult when using a diverse array of security vendors for each of your main security domains. Gaining visibility into possible attack paths, prioritizing based on potential incident severity, and then confidently removing the vulnerabilities are all made vastly more difficult when the work needs to be done manually across dozens of silos.

A unified platform changes how risk exposure can be handled. For example, security teams can use attack paths to remove vulnerabilities as if they’re responding to security incidents—with a prioritized list, systematically addressed based on variables like sensitivity of data, importance of critical assets, and severity of exposure. And with the native integrations of a platform, this value can be extended beyond just managing vulnerabilities. If you’re investigating a new incident and you’re shown that one of the compromised entities could lead to critical assets, that context could make the difference between routine remediation and a board-level briefing.

Setting out on your unified security platform journey

Reducing and consolidating security tools around a unified security platform is no small feat, either technologically or culturally. To get started, target a few small but key areas. This will give your security operations center (SOC) team a few quick wins and prove the value of consolidation to you and your stakeholders. You’ll also be able to customize and refine your new environment, ensuring necessary integrations are in place for end-to-end visibility without disrupting operations. You may also want to focus on change management early on, reskilling team members in a way that provides ample time for them to ramp up before going live.

Moving to a unified security platform is not just about improving defenses, so don’t forget to lend some of your time to maintaining positive employee experiences. Reducing friction across endpoint devices, apps, identities, and networks will make it easier for employees to access the systems and data they need. It also reduces the chance that employees will try to bypass new security policies in the interest of maintaining learned behaviors. To learn more about consolidating your security platform, the current state of threat protection, where organizations and security professionals are focusing with their current practices, and where they see opportunities for using AI in security operations, check out the new e-book The unified security platform era is here. And head over to the Microsoft Security web page for more information about how Microsoft is innovating in the security space, including through the use of responsible AI.

Learn more

Learn more about the Microsoft unified security operations platform.


About the research 

Foundry conducted an online study to understand the current state of cyberthreat protection, where organizations and security professionals are focusing with their current practices, and where they see opportunities for using AI in security operations.  

The study, commissioned by Microsoft, was conducted in June 2024. The 156 respondents comprised senior-level IT decision-makers with a primary role in security management, at organizations with 500 or more employees.  


¹ Microsoft Digital Defense Report 2024.

AI innovations for a more secure future unveiled at Microsoft Ignite http://approjects.co.za/?big=en-us/security/blog/2024/11/19/ai-innovations-for-a-more-secure-future-unveiled-at-microsoft-ignite/ Tue, 19 Nov 2024 13:30:00 +0000 Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative.

In today’s rapidly changing cyberthreat landscape, influenced by global events and AI advancements, security must be top of mind. Over the past three years, password cyberattacks have surged from 579 to more than 7,000 per second, nearly doubling in the last year alone.¹ New cyberattack methods challenge our security posture, pushing us to reimagine how the global security community defends organizations.  

At Microsoft, we remain steadfast in our commitment to security, which continues to be our top priority. Through our Secure Future Initiative (SFI), we’ve dedicated the equivalent of 34,000 full-time engineers to the effort, making it the largest cybersecurity engineering project in history—driving continuous improvement in our cyber resilience. In our latest update, we share insights into the work we are doing in culture, governance, and cybernorms to promote transparency and better support our customers in this new era of security. For each engineering pillar, we provide details on steps taken to reduce risk and provide guidance so customers can do the same.

Insights gained from SFI help us continue to harden our security posture and product development. At Microsoft Ignite 2024, we are pleased to unveil new security solutions, an industry-leading bug bounty program, and innovations in our AI platform. 

Transforming security with graph-based posture management 

Microsoft’s Security Fellow and Deputy Chief Information Security Officer (CISO) John Lambert says, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win,” referring to cyberattackers’ relentless focus on the relationships between things like identities, files, and devices. Exploiting these relationships helps criminals and spies do more extensive damage beyond the point of intrusion. Poor visibility and understanding of relationships and pathways between entities can limit traditional security solutions to defending in silos, unable to detect or disrupt advanced persistent threats (APTs).

We are excited to announce the general availability of Microsoft Security Exposure Management. This innovative solution dynamically maps changing relationships between critical assets such as devices, data, identities, and other connections. Powered by our security graph, and now with third-party connectors for Rapid7, ServiceNow, Qualys, and Tenable in preview, Exposure Management provides customers with a comprehensive, dynamic view of their IT assets and potential cyberattack paths. This empowers security teams to be more proactive with an end-to-end exposure management solution. In the constantly evolving cyberthreat landscape, defenders need tools that can quickly identify signal from noise and help prioritize critical tasks.

Beyond seeing potential cyberattack paths, Exposure Management also helps security and IT teams measure the effectiveness of their cyber hygiene and security initiatives such as zero trust, cloud security, and more. Currently, customers are using Exposure Management in more than 70,000 cloud tenants to proactively protect critical entities and measure their cybersecurity effectiveness.

Announcing $4 million AI and cloud security bug bounty “Zero Day Quest” 

Born out of our Secure Future Initiative commitments and our belief that security is a team sport, we also announced Zero Day Quest, the industry’s largest public security research event. We have a long history of partnering across the industry to mitigate potential issues before they impact our customers, which also helps us build more secure products by default and by design.  

Every year our bug bounty program pays millions for high-quality security research with over $16 million awarded last year. Zero Day Quest will build on this work with an additional $4 million in potential rewards focused on cloud and AI—which are areas of highest impact to our customers. We are also committed to collaborating with the security community by providing access to our engineers and AI red teams. The quest starts now and will culminate in an in-person hacking event in 2025.

As part of our ongoing commitment to transparency, we will share the details of the critical bugs once they are fixed so the whole industry can learn from them—after all, security is a team sport. 

New advances for securing AI and new skills for Security Copilot 

AI adoption is rapidly outpacing many other technologies in the digital era. Our generative AI solution, Microsoft Security Copilot, continues to be adopted by security teams to boost productivity and effectiveness. Organizations in every industry, including National Australia Bank, Intesa Sanpaolo, Oregon State University, and Eastman are able to perform security tasks faster and more accurately.² A recent study found that three months after adopting Security Copilot, organizations saw a 30% reduction in their mean time to resolve security incidents. More than 100 partners have integrated with Security Copilot to enrich the insights with ecosystem data. New Copilot skills are now available for IT admins in Microsoft Entra and Microsoft Intune, data security and compliance teams in Microsoft Purview, and security operations teams in the Microsoft Defender product family.   

According to our Security for AI team’s new “Accelerate AI transformation with strong security” white paper, we found that over 95% of organizations surveyed are either already using or developing generative AI, or they plan to do so in the future, with two-thirds (66%) choosing to develop multiple AI apps of their own. This fast-paced adoption has led to 37 new AI-related bills passed into law worldwide in 2023, reflecting a growing international effort to address the security, safety, compliance, and transparency challenges posed by AI technologies.³ This underscores the criticality of securing and governing the data that fuels AI. Through Microsoft Defender, our customers have discovered and secured more than 750,000 generative AI app instances and Microsoft Purview has audited more than a billion Copilot interactions.⁴

Microsoft Purview is already helping thousands of organizations, such as Cummins, KPMG, and Auburn University, with their AI transformation by providing data security and compliance capabilities across Microsoft and third-party applications. Now, we’re announcing new capabilities in Microsoft Purview to discover, protect, and govern data in generative AI applications. Available for preview, new capabilities in Purview include Data Loss Prevention (DLP) for Microsoft 365 Copilot, prevention of data oversharing in AI apps, and detection of risky AI use such as malicious intent, prompt injections, and misuse of protected materials. Additionally, Microsoft Purview now includes Data Security Posture Management (DSPM) that gives customers a single pane of glass to proactively discover data risks, such as sensitive data in user prompts, and receive recommended actions and insights for quick responses during incidents. For more details, read the blog on Tech Community.

Microsoft continues to innovate on our end-to-end security platform to help defenders make the complex simpler, while staying ahead of cyberthreats and enabling their AI transformation. At the same time, we are continuously improving the safety and security of our cloud services and other technologies, including these recent steps to make Windows 11 more secure.

Next steps with Microsoft Security

From the advances announced to our daily defense of customers, and the steadfast dedication of Chief Executive Officer (CEO) Satya Nadella and every employee, security remains our top priority at Microsoft as we deliver on our principles of secure by design, secure by default, and secure operations. To learn more about our vision for the future of security, tune in to the Microsoft Ignite keynote. 



¹ Microsoft Digital Defense Report 2024.

² Microsoft customer stories.

³ How countries around the world are trying to regulate artificial intelligence, Theara Coleman, The Week US. July 4, 2023.

⁴ Earnings Release FY25 Q1, Microsoft. October 30, 2024.

DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration http://approjects.co.za/?big=en-us/security/blog/2024/11/11/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration/ Mon, 11 Nov 2024 17:00:00 +0000 The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested.

In 2022, the United States Department of Defense (DoD) released its formal Zero Trust (ZT) Strategy with the goal of achieving enterprise-wide Target Level ZT implementation by September 30, 2027. A pioneer among these departments is the United States Navy, which recently launched Flank Speed—a large-scale zero trust deployment that aims to protect more than 560,000 identities and devices while improving the overall user experience.  

As part of the department’s ongoing assessments of zero trust implementation, Flank Speed just underwent its second round of security assessments sponsored by the DoD Zero Trust Portfolio Management Office (PfMO)—with tremendous results. Just two years after the initial DoD guidance was issued, the United States Navy demonstrated that their integrated approach to security could achieve the department’s ZT goals, years ahead of schedule. The model developed by the Navy in collaboration with Microsoft can be replicated to help both civilian and defense agencies to similarly accelerate their own zero trust goals. 


During the exhaustive test, the comprehensive, integrated suite of Microsoft Security tools enabled Navy personnel to meet Target Level zero trust implementation, achieving 100% success in the 91 Target Level activities tested. Further testing of 61 Advanced Level zero trust activities determined the Navy had achieved success in nearly all (60 of 61) Advanced Level activities.

The DoD expanded beyond traditional penetration testing to thoroughly evaluate all 152 zero trust activities. Prior to the month-long test, military personnel were trained on the effective operation of the comprehensive zero trust solution over the course of six months. This training allowed Navy personnel to detect and mitigate all attack vectors presented to them by the near-peer adversary assessment team.  

“Flank Speed’s unprecedented ability to achieve the very highest level of DoD ZT outcomes demonstrates to us, the department and the federal government, that ZT cyber defenses work very effectively to protect and defend our data and systems against the very latest cyber-attacks from our adversaries.”

—Mr. Randy Resnick, Senior Executive Service, Chief ZT Officer for the DoD 

Components of success 

Flank Speed is a large-scale deployment born out of the need to securely facilitate remote workers at the onset of the COVID-19 pandemic and built on the Navy’s unclassified combined Azure and Microsoft 365 Impact Level 5 (IL5) cloud. To achieve a secure operating environment, the Navy aligned its security approach around the DoD’s seven zero trust pillars—each of which represents its own protection area:

  • Users 
  • Devices
  • Applications and workloads
  • Data
  • Networks
  • Automation and orchestration
  • Visibility and analytics

As outlined in the diagram below, the Microsoft 365 E5 package combines best-in-class productivity solutions with comprehensive security technologies that can address all seven pillars of the DoD Zero Trust Strategy.  

This comprehensive and extensible zero trust platform supports a range of environments including hybrid cloud, multicloud, and multiplatform needs. It brings pre-integrated extended detection and response (XDR) services, coupled with cloud-based device management and cloud-based identity and access management to meet the security priorities necessary for all defense and civilian organizations. The specific technologies and implementation strategies that support each pillar are outlined in this blog post. Microsoft has also published a higher-level Security Adoption Framework (SAF) that provides guidance to organizations as they navigate the ever-changing security landscape. 

A partner agencies can trust 

Implementation of a zero trust solution from scratch can be a daunting task. A successful deployment requires the integration of properly configured technologies across numerous product categories. No single product can effectively achieve zero trust goals alone, but selecting a set of integrated capabilities, whether first- or third-party, can provide significant acceleration. In order to be effective in the long term, a zero trust implementation must also be flexible enough to adapt quickly to new adversary tactics. Following the White House Executive Order to improve the nation’s cybersecurity and protect federal government networks, Microsoft offered technical expertise that helped architect and deploy technologies aligned to the DoD ZT strategy, including continuous monitoring, big data analysis, and comply-to-connect components.

The success of Flank Speed is a critical demonstration of this collaborative approach to implementation. That a complex and critical environment such as that belonging to the Navy fully met not only its Target Level zero trust activities, but nearly all of the Advanced Level criteria more than three years before the DoD’s 2027 deadline with a repeatable solution, is a testament that zero trust can be implemented effectively at scale across the government.  

Importantly, though Flank Speed itself is cloud-native, it has been deployed to extend its usability and security capabilities to both cloud-only and existing on-premises workloads and devices, both ashore and afloat. This gave the Navy a rapid path to increased security that was independent of any effort to modernize or sunset existing legacy assets. Along with the proven security achievements, this capacity to extend zero trust security to existing infrastructure could have wide-ranging benefits for organizations pursuing similar cybersecurity goals of a homogeneous security baseline across heterogeneous environments. 

A commitment to security and innovation 

Microsoft’s support in helping the United States Department of Defense and its branches achieve zero trust implementation also helps inform Microsoft’s own Secure Future Initiative, which aims to continuously apply the company’s cumulative security learnings in an effort to improve its own methods and practices, and to ensure that security is kept paramount in everything Microsoft creates and provides to its customers. Independent learnings gleaned as part of the Secure Future Initiative, in return, help Microsoft refine its approach in support of government organizations and a vast ecosystem of security partners. In this way Microsoft can work to ensure that zero trust environments supported by Microsoft 365 and Azure stay up to date, even as cyber threat actors change and mature their tactics and tools. This continuous collaboration advances the broader effort to secure and support the United States national security and the security posture of democratic organizations the world over.  

Microsoft commends the United States Navy for their milestone achievement. The United States Navy and the United States Department of Defense are proving that zero trust goes beyond compliance standards and has become a proven security methodology with real world results.  

Next steps

To learn more about how to accelerate your Zero Trust implementation with best practices, the latest trends, and a framework informed by real-world deployments, visit our latest guidance.


Zero Trust Workshop: Advance your knowledge with an online resource http://approjects.co.za/?big=en-us/security/blog/2024/11/06/zero-trust-workshop-advance-your-knowledge-with-an-online-resource/ Wed, 06 Nov 2024 17:00:00 +0000 As part of Microsoft’s ongoing efforts to support security modernization and the Zero Trust principles, we’ve launched Zero Trust Workshop, an online self-service resource. Read our latest blog post for details.

Microsoft is on the front lines helping secure customers worldwide—analyzing and responding to cybersecurity threats, building security technologies, and partnering with organizations to effectively deploy these technologies for increased security. Many of you have been following as we’ve described our Secure Future Initiative, which is pushing the Zero Trust principles (verify explicitly, use least privilege, and assume breach) into the programmatic approach of Secure by Design, Secure by Default, and Secure Operations across Microsoft consistently, durably, and at scale. In the Microsoft Security division, we are also focused on helping our customers deploy our suite of security products to protect themselves from cyber threats. We know that most of our customers are embarking on a Zero Trust journey, but many struggle with the enormity of the opportunity: where to start, what to do next, and how to measure progress.

We are announcing a resource to help our customers answer these questions: the Microsoft Zero Trust Workshop, a self-service tool to help you plan and execute your Zero Trust journey by yourself or with the guidance of a partner.

The Zero Trust Workshop lets you customize your organization’s end-to-end security deployment to your unique business needs and your environment with a powerful tool that: provides a comprehensive assessment of zero trust capabilities learned from hundreds of deployments; guides you with a visual easy-to-use tool that explains each step of the journey; and delivers a digital artifact that you and your team can use to plan and prioritize your next steps and to compare and measure progress regularly. 


How our workshop helps customers and partners solidify their Zero Trust strategy 

Over the past year, we have piloted this workshop with more than 30 customers and partners. They have consistently told us that this provides them with the clarity, coverage, and actionable guidance they need to secure their organization within each Zero Trust pillar and across the pillars. When asked how likely they are to recommend the workshop to their partner teams or to other customers, customers give the workshop a net promoter score of 73.

The layout and question structure is fantastic as it provokes a fair amount of thought around adding each of the capabilities to take a multi-faceted approach to authentication and authorization.

—Senior vice president at a major financial institution

Security is a team sport, and we recognize that customers often need security partners to help them plan and execute their security strategy. This is why we partnered with several deployment partners across the pillars of Zero Trust to get their feedback on the workshop and how they would use it to help their customers.

The Zero Trust Workshop is a great starting point for our customers who want to embrace Zero Trust principles, but don’t know how to align the technology they already own. Furthermore, the workshop allows our customers to measure the progress they’ve made and aim for the next incremental hardening of the Zero Trust model, which is part and parcel of the Zero Trust manner of thinking. As a Microsoft partner and as an MVP, I advocate that customers use the materials provided by Microsoft, including these workshops, to measure and further their security posture.

Nicolas Blank, NBConsult

[The Zero Trust workshop] has enabled Slalom to help clients accelerate their efforts towards a comprehensive cyber resilience strategy. It provides a clear picture of an organization’s current state and provides a template for order of operations and best practices in a very tidy package. It’s an easy-to-use tool with a huge impact, and our clients and workshop participants have been very impressed by how it organizes and prioritizes a complex set of operations in an approachable and manageable way.

Slalom

How to start using the workshop to plan your Zero Trust journey

The Zero Trust Workshop consists of two main components, both in one handy file you can download and use to drive these conversations:

  • The Zero Trust Basic Assessment (optional): For customers starting on their Zero Trust journey, the assessment is a foundational tool that customers can run before the workshop to check for common misconfigurations and gaps in settings (for example, having too many global admins) to remediate before starting to enable the security features and capabilities of a Zero Trust journey.  
  • The Zero Trust Strategy workshop: This is a guided breakdown of the Zero Trust areas according to the standard Zero Trust pillars (Identity, Devices, Data, Network, Infrastructure and Application, and Security Operations). For each pillar, we walk you through the associated areas in a proposed “do this first, consider this then, think about this next” order. For each area and capability, you get guidance on why it matters and options to address it; you can then discuss it with your stakeholders and decide whether it is something you have already done, something you are going to do, or something you do not plan to implement at this time. As you progress through the different boxes and areas, you create an artifact for your organization showing how well-deployed you are in each Zero Trust pillar and which areas to tackle next.
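The Basic Assessment's "too many global admins" check, expressed as an added Microsoft Graph PowerShell script (example code written for this page, not the workshop's own assessment file). It assumes the Microsoft.Graph SDK is installed, the signed-in account can read directory roles, and a threshold of five, which is an assumption you should align with your own policy.

```powershell
# Added example: count Global Administrator members in Microsoft Entra ID and
# flag the "too many global admins" gap the Zero Trust Basic Assessment looks for.
# Not part of the Zero Trust Workshop; assumes the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All"

# Assumed threshold for this example; set it to what your policy allows.
$MaxGlobalAdmins = 5

# Directory roles appear in this list only once activated in the tenant,
# so filter client-side on the display name rather than assuming the role exists.
$role = Get-MgDirectoryRole | Where-Object { $_.DisplayName -eq 'Global Administrator' }
if (-not $role) {
    Write-Output "Global Administrator role is not activated; no active members to count."
    return
}

# Active (permanent) assignments only. PIM eligible assignments are not returned
# here, so review them separately if you use Privileged Identity Management.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

# Keep user objects; groups or service principals in the role are listed separately.
$users  = @($members | Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' })
$others = @($members | Where-Object { $_.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user' })

$report = [pscustomobject]@{
    GlobalAdminUsers   = $users.Count
    NonUserMembers     = $others.Count
    Threshold          = $MaxGlobalAdmins
    ExceedsThreshold   = ($users.Count -gt $MaxGlobalAdmins)
    UserPrincipalNames = $users | ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
}

$report | Format-List

if ($report.ExceedsThreshold) {
    Write-Warning "Global Administrator has $($users.Count) user members; target is at most $MaxGlobalAdmins. Move day-to-day work to scoped roles and keep break-glass accounts only."
}
if ($others.Count -gt 0) {
    Write-Warning "$($others.Count) non-user member(s) (groups or service principals) hold Global Administrator; review each one."
}
```

Run it before working through the Identity pillar so the artifact you create starts from a known count rather than an estimate.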

Now, we are launching the Identity, Devices, and Data pillars. We will add the Network, Infrastructure and Application, and Security Operations pillars in the coming months. The website for the workshop will announce these as they become available.

I invite you to check out the Zero Trust Workshop site where we have detailed training videos and content. 

For our valued security deployment partners, the workshop is also included in the recently launched Zero Trust Partner kit where, as a partner, you can take the workshop material and customize it for your customer engagements based on your needs. 

Closing thoughts

We all need to work together to help secure the world we live in and keep people safe, in the spirit of collective defense. As shared in the most recent Microsoft Digital Defense Report, the cyber threat landscape is ever-growing and requires a collaborative approach between product vendors, security experts, and customers to help protect everyone. In the spirit of working with the wider ecosystem to help secure all customers, we recently partnered with NIST’s NCCoE and more than 20 security vendors to publish a guide on how to adopt NIST’s Zero Trust reference architecture using Microsoft’s security products. This workshop is another example of us working with all of you deploying security out there to help secure the ecosystem.

We would love to hear how you are using it. Use the feedback form on the site to share with us how we can improve it to help your organization implement a Zero Trust journey. 

Additional resources to accelerate your Zero Trust journey 

This joins a library of other resources to guide your security modernization and Zero Trust journey, including: 

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. 

The post Zero Trust Workshop: Advance your knowledge with an online resource appeared first on Microsoft Security Blog.
