The Microsoft Cloud

Security above all else

"Microsoft runs on trust and trust must be earned and maintained. Our pledge to our customers and our community is to prioritize your cyber safety above all else." Charlie Bell, EVP Security, Microsoft

Microsoft Secure Future Initiative

We’re continuously applying what we’ve learned from security incidents to improve our methods and practices. Three principles anchor our approach to the Secure Future Initiative (SFI).

Secure by design

Security comes first when designing any product or service.

Secure by default

Security protections are enabled and enforced by default, require no extra effort, and aren’t optional.

Secure operations

Security controls and monitoring will be continuously improved to meet current and future threats.

SFI pillars

We’re expanding the scope of the SFI to help our customers and community amidst the fast-changing threat landscape.

  • Protect identities and secrets

    Reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization.

    Increased protection for sign-in credentials

    Intruders don’t break in, they sign in. See how we're ensuring that our keys remain out of reach.

    Automatic multifactor authentication

    Find out how Microsoft led the way in consumer identity by providing multifactor authentication enabled by default along with risk-based challenges.

  • Protect tenants and isolate production systems

    Protect all Microsoft tenants and production environments using consistent, best-in-class security practices and strict isolation to minimize breadth of impact.

    Meeting industry standards for cloud security

    Read about the standardized security baselines for Azure products that meet Center for Internet Security (CIS) and National Institute of Standards and Technology (NIST) standards.

    A more secure cloud by default

    We enabled security defaults for 20 million customers on free tenants—94% of customers keep these protective measures in place.

  • Protect networks

    Protect Microsoft production networks and implement network isolation of Microsoft and customer resources.

    Segmentation and role-based access

    Learn how to build a unified segmentation strategy using perimeters and isolation boundaries in workloads.

  • Protect engineering systems

    Protect software assets and continuously improve code security through governance of the software supply chain and engineering systems infrastructure.

    Lessons from our transition to Zero Trust

    Secure access to source code and engineering systems infrastructure through Zero Trust and least-privileged access policies.

    Build and maintain inventory for all software assets

    Build and maintain the inventory for all software assets used to deploy and operate production environments.

  • Monitor and detect threats

    Comprehensive coverage and automatic detection of threats to Microsoft production infrastructure and services.

    Read about our red, blue, and green teams

    See how MORSE members effectively address security threats, repair broken code, and identify potential attack paths before a breach can happen.

    See how security researchers help Microsoft

    Find out how researchers who discover a vulnerability in a Microsoft product, service, or device can receive a Bug Bounty award from Microsoft. 

  • Accelerate response and remediation

    Prevent exploitation of vulnerabilities discovered by external and internal entities through comprehensive and timely remediation.

    Read real-time incident updates

    We practice coordinated vulnerability disclosure with the research community—with no nondisclosure agreement required. Read real-time updates on known vulnerabilities.

    Meet our digital defense team

    Read the latest cybersecurity and threat intelligence trends and get reports with insights and recommendations.

    Get the 2023 Microsoft Digital Defense Report

    See our latest findings on the threat landscape evolution and opportunities for Microsoft and our customers to secure a resilient online ecosystem.

Foundations of SFI

Successful business operations or change management is predicated on people, process, and technology working in harmony. These are the foundations of SFI.

Continuous security improvement

The SFI empowers all of Microsoft to implement the needed changes to deliver security first. Our company culture is based on a growth mindset that fosters an ethos of continuous improvement.

Paved paths and standards

Paved paths are best practices from our learned experiences, drawing upon lessons such as how to optimize productivity of our software development and operations, how to achieve compliance, and how to eliminate entire categories of vulnerabilities and mitigate related risks.

Security-first culture

Culture can only be reinforced through our daily behaviors. The engineering executive vice presidents are also holding broadscale, weekly and monthly operational meetings that include all levels of management and senior individual contributors. Through this process of bottom-to-top, end-to-end problem solving, security thinking is ingrained in our daily behaviors.

Security governance

Microsoft is implementing a new security governance framework, spearheaded by the Chief Information Security Officer (CISO). This framework introduces a partnership between engineering teams and newly formed Deputy CISOs, collectively responsible for overseeing the SFI, managing risks, and reporting progress directly to Microsoft’s Senior Leadership Team. Progress will be reviewed weekly with this executive forum and quarterly with our Board of Directors.

Get SFI updates

May 1, 2024

Our progress so far

Learn about the tangible steps we’re taking to implement the SFI and accelerate our progress.

March 6, 2024

See how we’re using AI

Discover the ways we’re transforming software development with automation and AI.

November 2, 2023

Learn about the evolving threat landscape

SFI brings every part of Microsoft together to advance cybersecurity protection in this deep-dive.

November 2, 2023

See where the SFI started

Revisit our initial announcement about the SFI in this memo from Charlie Bell.

Resources to heighten your security

See how your current security measures up to industry standards and how you can improve your position.
