Trustworthy Computing focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet.

The security of our customers' computers and networks is a top priority. We are committed to building software and services that help protect our customers and the industry. Our approach to security includes both technological and social aspects, and we strive to ensure that information and data are safe and confidential. Drawing on industry best practices, we make investments to increase the security of our technologies and to provide guidance and training to help minimize the impact of malicious software.


Three core elements guide the work and focus of security at Microsoft:

Fundamentals, Threat and Vulnerability Mitigation, and Identity and Access Control.


We focus on security fundamentals, including making online activities, software, and services safer. As part of Trustworthy Computing, Microsoft trains its developers, testers, and program managers to build more secure software code, following an approach known as the  Security Development Lifecycle (SDL). Since 2003, Microsoft has also been working with national governments around the world on building and deploying more secure IT infrastructure and services in the Government Security Program.

We also focus on enhancing the processes and tools used in updating customer software. Microsoft works to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in effective tools and product enhancements to make it easier.

Threat and Vulnerability Mitigation

Microsoft strives to deliver a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:

  • Central visibility and control of risk
  • Reduced exposure to threats through leading technologies and an in-depth approach to defense
  • Seamless integration with existing IT systems and within the security portfolio

Our approach also helps reduce an organization's exposure to attacks through best-of-breed threat protection, detection, and removal. Data that is collected using various feedback mechanisms combined with global research and collaboration help promote fast discovery of protection against new threats.

Identity and Access Control

Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three parts:

  • Trustworthy identity:Focusing on innovation and integration to help ensure that users are trustworthy.
  • Access policy management:Managing policy that dictates what resources each user can access.
  • Information protection:Helping protect information permanently, wherever it is stored.