Microsoft has officially announced major changes in how it handles security features for its products. In a new post on the Microsoft Security blog, Charlie Bell, the company's Executive Vice President for Security, revealed it will be expanding plans for its previously announced Secure Future Initiative, along with adding recommendations from the US Department of Homeland Security’s Cyber Safety Review Board (CSRB).
In the blog post, Bell stated:
Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more. We are making security our top priority at Microsoft, above all else—over all other features.
This new emphasis on improvements in security comes after a number of recent and high-profile breaches by hacker groups. That includes one in the summer of 2023, when a China-based group got access to Outlook email accounts in the US and Europe. In early 2024, a Russia-based group managed to access the email accounts of some of Microsoft's top executives. That incident later led to the group getting hold of some of Microsoft's source code.
In today's blog post, Bell says the company's Secure Future Initiative will now cover six specific categories:
- Protect identities and secrets
- Protect tenants and isolate production systems
- Protect networks
- Protect engineering systems
- Monitor and detect threats
- Accelerate response and remediation
Bell says the company's shift in security priorities has already yielded results. That includes adding support for "automatic enforcement of multifactor authentication" for over one million Entra ID users inside Microsoft. The company has also reduced the use of or eliminated 730,000 apps in the company that were out of their support lifecycle or did not conform to the new SFI standard.
Ironically, Microsoft announced earlier this week it was now adding passkey support for all consumer Microsoft accounts in an attempt to improve security.