Security Engineering Portal
Discover the security engineering practices used at Microsoft to build and operate highly secure apps and services.
In today’s complex and regulated environment, organizations need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders. Through the Security Engineering Portal, we’re sharing what we’ve learned through our decades of experience implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data.
Explore the following development guidance, models, and tools to get started.
Security Development Lifecycle (SDL)
Learn about the Microsoft SDL and how you can use to develop more secure software.Learn more
Operational Security Assurance (OSA)
Establish a scalable process for improving operational security in cloud-based infrastructure.Learn more
Open Source Security
Find tools and techniques to help you manage security risks in third-party components.Learn more
Learn how Microsoft has invested in multiple cybersecurity teams and related facilities to address threats to our customers and our technology ecosystem.Learn more
Microsoft also has specialized groups and teams to provide intensive focus on specific security issues, including:
- The Microsoft Digital Crimes Unit, which brings together experts who are dedicated to disrupting cybercrime threats such as botnet-driven internet attacks and online child sexual exploitation.
- The Government Security Program, provides qualified participants with confidential security information they need to trust Microsoft’s products and services.
- The Microsoft Security Response Center, led by some of the world’s most experienced security experts, which delivers a worldwide security response, collaborates with the security community to help improve customer security, advances innovation in the security landscape, provides authoritative security guidance, and publishes the semi-annual Security Intelligence Report.
- The Windows Defender Security Intelligence Center, which is the antimalware research-and-response organization within Microsoft that protects computer systems from malicious software attacks. The center continuously monitors millions of computers worldwide, gathering and analyzing threat data. With help from researchers around the world, it can identify and mitigate new threats within hours of their discovery.