Microsoft reveals latest update to Secure Future Initiative program
Microsoft has released the November update for its Secure Future Initiative
New security oriented solutions have been introduced across environments
Microsoft also announces a new Windows Resiliency Initiative
Microsoft has released the second update to its Secure Future Initiative – a program introduced to address critical security challenges and vulnerabilities experienced by the company which led to state-sponsored threat actors compromising US government data.
Microsoft has built upon progress made in its September 2024 update, where it introduced a number of security-oriented changes, including tying security to performance evaluations and introducing the Security Skilling Academy.
The company says further progress has now been made across Microsoft’s six engineering pillars to ensure “security above all else” to help protect users, businesses and contractors.More progress across the pillars
In the September 2024 update, Microsoft advanced the security of its first pillar, ‘protect identities and secrets’, by boosting the protection of access token signing keys on Microsoft Entra ID, Microsoft Account, and Microsoft Active Directory Federation Services. Microsoft also introduced phishing resistant credentials across the productivity environment.
A number of major changes have also now been revealed, with the Microsoft Azure Portal, Microsoft Entra admin center, Intune admin center, and Microsoft 365 admin center all getting multifactor authentication enabled by default for new tenants.
MFA is also being enforced across Microsoft’s productivity environments to reduce the risk of phishing and credential theft.
For pillar two, ‘protect tenants and isolate production systems’, the September update saw Microsoft introduce lifetime management and secure defaults for Microsoft Entra ID accounts, alongside removing management from legacy platforms such as the Azure Service Management API.
