Microsoft Secure Future Initiative: Building a Safer Digital World for All

Microsoft launched the Secure Future Initiative (SFI) in November 2023, with the goal of fundamentally transforming how Microsoft designs, builds, tests, and operates its software and services. SFI is built on three foundational principles to ensure product security throughout the entire lifecycle, from initial design to deployment and beyond. These principles are: Secure by Design, Secure by Default, and Secure by Operation.

– Secure by Design: Security is integrated from the start; products are built with threat protection and risk reduction in mind.
– Secure by Default: Enforcement of default security settings, such as MFA, to ensure robust protection.
– Secure Operations: Continuous monitoring and improvement of security operations to adapt to evolving threats.

In the initiative’s second year, Microsoft released a comprehensive progress report on SFI, detailing significant strides made in enhancing cybersecurity across the organization. This report highlights the company’s commitment to embedding security at every level, from design to deployment.
The Microsoft Secure Future Initiative (SFI) April 2025 Progress Report outlines significant advancements in Microsoft’s cybersecurity efforts, emphasizing a comprehensive, organization-wide transformation to enhance security across all products and services.

Key Highlights from the SFI Progress Report:

1. Governance and Leadership:
– Established a Cybersecurity Governance Council led by the Chief Information Security Officer (CISO), with Deputy CISOs appointed across key security functions and engineering divisions.
– Security performance is now integrated into employee performance reviews and linked to compensation, emphasizing accountability at all levels.

2. Security Engineering Pillars:
– Protect Identities and Secrets: Implemented phishing-resistant credentials and video-based user verification for 95% of internal users.
– Protect Tenants and Isolate Production Systems: Eliminated 5.75 million inactive tenants and 730,000 unused applications to reduce potential attack surfaces.
– Protect Networks: Achieved over 99% asset inventory tracking and isolated virtual networks to minimize lateral movement risks.
– Protect Engineering Systems: Enforced strict access controls, including reducing the lifespan of Personal Access Tokens to seven days and disabling SSH access for all internal engineering repositories.
– Monitor and Detect Threats: Standardized security audit logs across production infrastructure, retaining logs for a minimum of two years.
– Accelerate Response and Remediation: Improved response times for critical cloud vulnerabilities and began publishing critical vulnerabilities as CVEs to enhance transparency.

3. Cultural Transformation:
– Launched the Security Skilling Academy, providing personalized security training for all employees to foster a security-first mindset.
– Senior leadership reviews SFI progress weekly, and updates are provided quarterly to the Board of Directors, ensuring ongoing commitment and oversight.

These efforts underscore Microsoft’s dedication to creating a secure environment for its products and services, reinforcing trust with customers and stakeholders.
