Once we launched the Safe Future Initiative (SFI), our mission was clear: speed up innovation, strengthen resilience, and lead the trade towards a safer digital future. Right now, we’re sharing our newest progress report that displays regular progress in each space and engineering pillar, underscoring our dedication to safety above all else. We additionally spotlight new improvements delivered to raised shield prospects, and share how we use a few of those self same capabilities to guard Microsoft. By way of SFI, we’ve got improved the safety of our platforms and companies and our means to detect and reply to cyberthreats.
Fostering a security-first mindset
Engineering sentiment round safety has improved by 9 factors since early 2024. To extend safety consciousness, 95% of workers have accomplished the most recent coaching on guarding in opposition to AI-powered cyberattacks, which stays one among our highest-rated programs. Lastly, we developed assets for workers and made them accessible to prospects for the primary time to enhance safety consciousness.
Governance that scales globally
The Cybersecurity Governance Council now contains three further Deputy Chief Info Safety Officers (CISOs) features masking European rules, inside operations, and engagement with our ecosystem of companions and suppliers. We launched the Microsoft European Safety Program to deepen partnerships and higher inform European governments concerning the cyberthreat panorama and collaborating with trade companions to raised align cybersecurity rules, advance accountable state habits in our on-line world, and construct cybersecurity capability via the Advancing Regional Cybersecurity Initiative within the world south. You possibly can learn extra on our cybersecurity coverage and diplomacy work.
Safe by Design, Safe by Default, Safe Operations
Microsoft Azure, Microsoft 365, Home windows, Microsoft Floor, and Microsoft Safety engineering groups proceed to ship improvements to raised shield prospects. Azure enforced safe defaults, expanded hardware-based belief, and up to date safety benchmarks to enhance cloud safety. Microsoft 365 launched a devoted AI Administrator position, and enhanced agent lifecycle governance and information safety transparency to present organizations extra management and visibility. Home windows and Floor superior Zero Belief ideas with expanded passkeys, automated restoration capabilities, and memory-safe enhancements to firmware and drivers. Microsoft Safety launched information safety posture administration for AI and advanced Microsoft Sentinel into an AI-first platform with information lake, graph, and Mannequin Context Protocol capabilities.
Engineering progress that units the benchmark
We’re making regular progress throughout all engineering pillars. Key achievements embody implementing phishing-resistant multifactor authentication (MFA) for 99.6% of Microsoft workers and units, migrating higher-risk customers to locked-down Azure Digital Desktop environments, finishing community machine stock and lifecycle administration, and reaching 99.5% detection and remediation of reside secrets and techniques in code. We’ve additionally deployed greater than 50 new detections throughout Microsoft infrastructure with relevant detections to be added to Microsoft Defender and awarded $17 million to advertise accountable vulnerability disclosure.
Actionable steerage
To assist prospects enhance their safety, we spotlight 10 SFI patterns and practices prospects can comply with to scale back their danger. We additionally share further finest practices and steerage all through the report. Prospects can do a deeper evaluation of their safety posture through the use of our Zero Belief Workshops which incorporate SFI-based assessments and actionable learnings to assist prospects on their very own safety journeys.
Safety as the muse of belief
Cybersecurity is now not a function—it’s the muse of belief in a related world.
With the equal of 35,000 engineers working full time on safety, SFI stays the most important cybersecurity effort in digital historical past. Wanting forward, we are going to proceed to prioritize the best dangers, speed up supply of safety improvements, and harness AI to extend engineering effectivity and allow fast anomaly detection and automatic remediation.
The cyberthreat panorama will proceed to evolve. Expertise will proceed to advance. And Microsoft will proceed to prioritize safety above all else. Our progress displays a easy reality: belief is earned via motion and accountability.
We’re grateful for the partnership of our prospects, trade friends, and safety researchers. Collectively, we are going to innovate for a safer future.
Be taught extra with Microsoft Safety
To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
