Some achievements in some of the latest progress report notes include:
- Microsoft has filled out the release of business applications for the secondary CISO (including Windows, Microsoft 365 and Office);
- All 14-bit CISOs have completed a comprehensive risk list for their platform and capabilities, keeping risks aligned with current threat intelligence and product areas;
- Recently, the company launched the security of designing UX toolkits for Microsoft developers to improve user experience (UX) and secure integration across all products. There is also a customer-facing version. Deployed to 22,000 employees, the toolkit embeds security best practices into product development and ensures that the product interface is designed to be intuitive, unpopular, and helps protect customer data;
- Azure has launched fraudulent prevention features that include multi-factor authentication (MFA) to log in to the Azure portal to prevent unauthorized party abuse. This adds to the October 2024 implementation of mandatory multifactor authentication for Microsoft Azure Portal, Microsoft Entra Admin Center, and Microsoft Intune Admin Center;
- MFA enforcement for all Microsoft 365 Admin Center users is rolling out. In addition, there is a new AI administrator role that effectively manages Microsoft 365 Copilot and Enterprise AI services without the extensive licensing required for global administrator positions;
- 90% of the identity tokens for Microsoft Entra ID’s Microsoft applications are verified using a standard Identity SDK that provides consistent and robust implementations for improved security;
- The anti-phishing MFA now protects 100% of Microsoft production system accounts and 82% of employee productivity accounts. Additionally, Microsoft Azure’s 19 million resources now comply with Microsoft’s security secret standards.
- On March 26, Microsoft launched a new login experience for more than 1 billion users. By the end of this month, most Microsoft account users will see updated login and registered user experience streams for web and mobile applications. This new user experience has been optimized for password-free and broadcast-first experiences. Microsoft is also updating account login logic to make PassKey the default login option as possible.
- More than 97% of Microsoft’s production infrastructure assets are already in stock and are being tracked. Additionally, 99% of network equipment, as well as more than 95% of nodes/machines, have a collection of central security logs and have implemented a two-year retention policy.
The company said Microsoft Secure Future Future Future Initiative (SFI) is a years of effort to “revolutionize the way we design, build, test, test and operate our products and services to achieve the highest safety standards”. Some goals will take several years to complete. Others, such as work on post-quantitle encryption and orderly sunsets of encryption techniques as they age, will take longer.
The company called SFI “the largest cybersecurity engineering project in history.” The goal is consistent with the security principles of designing safety, safe and safe operation by default.
