After we launched the Safe Future Initiative (SFI), our mission was clear: speed up innovation, strengthen resilience, and lead the trade towards a safer digital future. In the present day, we’re sharing our newest progress report that displays regular progress in each space and engineering pillar, underscoring our dedication to safety above all else. We additionally spotlight new improvements delivered to higher shield prospects, and share how we use a few of those self same capabilities to guard Microsoft. By way of SFI, now we have improved the safety of our platforms and companies and our capability to detect and reply to cyberthreats.
Fostering a security-first mindset
Engineering sentiment round safety has improved by 9 factors since early 2024. To extend safety consciousness, 95% of staff have accomplished the most recent coaching on guarding towards AI-powered cyberattacks, which stays one among our highest-rated programs. Lastly, we developed sources for workers and made them obtainable to prospects for the primary time to enhance safety consciousness.
Governance that scales globally
The Cybersecurity Governance Council now consists of three extra Deputy Chief Data Safety Officers (CISOs) features protecting European laws, inside operations, and engagement with our ecosystem of companions and suppliers. We launched the Microsoft European Safety Program to deepen partnerships and higher inform European governments concerning the cyberthreat panorama and collaborating with trade companions to higher align cybersecurity laws, advance accountable state conduct in our on-line world, and construct cybersecurity capability by way of the Advancing Regional Cybersecurity Initiative within the world south. You possibly can learn extra on our cybersecurity coverage and diplomacy work.
Safe by Design, Safe by Default, Safe Operations
Microsoft Azure, Microsoft 365, Home windows, Microsoft Floor, and Microsoft Safety engineering groups proceed to ship improvements to higher shield prospects. Azure enforced safe defaults, expanded hardware-based belief, and up to date safety benchmarks to enhance cloud safety. Microsoft 365 launched a devoted AI Administrator position, and enhanced agent lifecycle governance and information safety transparency to offer organizations extra management and visibility. Home windows and Floor superior Zero Belief ideas with expanded passkeys, computerized restoration capabilities, and memory-safe enhancements to firmware and drivers. Microsoft Safety launched information safety posture administration for AI and developed Microsoft Sentinel into an AI-first platform with information lake, graph, and Mannequin Context Protocol capabilities.
Engineering progress that units the benchmark
We’re making regular progress throughout all engineering pillars. Key achievements embody imposing phishing-resistant multifactor authentication (MFA) for 99.6% of Microsoft staff and units, migrating higher-risk customers to locked-down Azure Digital Desktop environments, finishing community gadget stock and lifecycle administration, and reaching 99.5% detection and remediation of reside secrets and techniques in code. We’ve additionally deployed greater than 50 new detections throughout Microsoft infrastructure with relevant detections to be added to Microsoft Defender and awarded $17 million to advertise accountable vulnerability disclosure.
Actionable steering
To assist prospects enhance their safety, we spotlight 10 SFI patterns and practices prospects can observe to cut back their danger. We additionally share extra finest practices and steering all through the report. Clients can do a deeper evaluation of their safety posture through the use of our Zero Belief Workshops which incorporate SFI-based assessments and actionable learnings to assist prospects on their very own safety journeys.
Safety as the inspiration of belief
Cybersecurity is not a characteristic—it’s the inspiration of belief in a linked world.
With the equal of 35,000 engineers working full time on safety, SFI stays the biggest cybersecurity effort in digital historical past. Trying forward, we’ll proceed to prioritize the best dangers, speed up supply of safety improvements, and harness AI to extend engineering effectivity and allow fast anomaly detection and automatic remediation.
The cyberthreat panorama will proceed to evolve. Know-how will proceed to advance. And Microsoft will proceed to prioritize safety above all else. Our progress displays a easy reality: belief is earned by way of motion and accountability.
We’re grateful for the partnership of our prospects, trade friends, and safety researchers. Collectively, we’ll innovate for a safer future.
Be taught extra with Microsoft Safety
To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, observe us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
