Last November, Microsoft announced our Secure Future Initiative (SFI), which brought every part of our company together to combat the increasing scale and sophistication of cyberattacks and advance cybersecurity protection across new products and legacy infrastructures.
We have learned a lot since then, but there is still more we are doing to ensure that security is the top priority across Microsoft. In a recent blog post, Charlie Bell, EVP of Microsoft Security, announced an expansion of SFI. The expansion will enhance the built-in security of our products and platforms to help protect our Microsoft partners’ organizations, and by extension our shared customers, against evolving threats from cloud, AI, and geopolitical cyber activities. We are asking for your continued support and cooperation as we ensure that our products, solutions, and processes remain the most secure in the industry.
We are implementing immediate and future changes that have the potential to impact some of our partners, and unfortunately, in some instances, with very little notice. In the next few days and months, we will be sending notifications that might require you, our trusted partners, to act quickly to help close security vulnerabilities.
As outlined in Charlie’s blog, our work will be guided by three security principles:
- Secure by design: Security comes first when designing any product or services.
- Secure by default: Security protections are enabled and enforced by default, require no extra effort, and are not optional.
- Secure operations: Security controls and monitoring will be improved to meet current and future threats.
We have also expanded our goals and actions—which are now aligned to six prioritized security pillars—and instituted new, more transparent governance practices, which Charlie further details in his blog post.
Partners play a crucial role in our ability to protect our joint customers and raise the security baseline of our ecosystem. To drive adoption of basic security hygiene we have identified several initiatives and best practices, including:
- Enabling Security defaults on existing Cloud Solution Provider (CSP) tenants who haven't yet adopted MFA (multifactor authentication).
- Requiring all Azure customers to sign in with MFA.
- Offering new benefit packages that include Microsoft 365 Business Premium to help you protect your data and defend against cyberthreats.
Here are some specific ways partners can further protect your organization and customers from attack:
1. Implement security hygiene practices
Security hygiene is the practice of maintaining a strong security posture to protect your data, your people, and your devices from more than 99% of cyberattacks. These simple and effective practices are critical to the security of our entire ecosystem and include:
- Enabling multifactor authentication (MFA) to protect against compromised user passwords and help provide extra resilience for identities.
- Applying Zero Trust principles, which involve explicit verification, use of least privileged access, and assumption of breach, to limit the impact of an attack.
- Using extended detection and response as well as antimalware to automatically block attacks and gain insight into the security operations software for faster response.
- Ensuring systems are up to date with the latest versions of firmware, operating systems, and applications.
- Implementing the right protections for critical data, which requires knowledge of which data is most important and where it's located.
To learn more about how these practices protect against 99% of cyberattacks, read our latest Digital Defense Report, or explore our Secure Future Initiative webpage.
2. Use Microsoft Copilot for Security
Copilot for Security is designed to help amplify the work of teams across your organization to detect and protect against threats and build more secure solutions at the scale and speed of AI.
Regardless of where you are in your security and/or AI journey, we offer training programs to help you build the skills to better protect your business, serve your customers, and stand out in the market.
Our on-demand Copilot for Security training will enable your teams to:
- Grasp the basics of Copilot for Security and engage with product leads on the benefits and possibilities of this technology for your organization.
- Attend demonstrations that show the seamless integration of Copilot into your workflows.
- Experience how Copilot helps security analysts catch what others miss, outpace adversaries, and strengthen their expertise.
- Dive into best practices for Copilot prompting and tailoring the technology to meet the unique needs of your organization—and your customers.
- Gain insights into how Copilot for Security can add value to your customers and support them in advancing toward a more secure future.
For the latest information on how organizations are innovating with Copilot for Security and strengthening their cybersecurity, visit the Microsoft Security Copilot blog.
3. Become a Security leader
Collaborating and innovating toward a safer and more secure world presents significant opportunities for partners who deliver secure and integrated solutions and who continue to deepen their technological knowledge and expertise in security best practices.
By leveraging Copilot—and helping your customers do the same—and by earning Security specializations or designations, you can showcase your technical expertise in delivering the solutions customers need with Microsoft Security and stand out from the competition as a leader they can trust.
Securing our future is a collective effort
As we continue to navigate the challenges of our digital era, the latest Microsoft Digital Defense Report describes the increase in sophistication and frequency of cyberthreats and their impacts. For example, in 2023 alone, the number of human-operated ransomware attacks nearly tripled and 4,000 password attacks were attempted, on average, every second. Even as decision-makers across industries and organizations—including Microsoft—make investments to protect against these damaging attacks, they continue to accelerate and evolve.
We will continue to share what we learn and keep you updated on the measures we are taking to secure the entire Microsoft ecosystem. By working together to achieve a more secure future we can help customers feel confident that Microsoft and partner solutions:
- Are comprehensive, proactive, responsive, and compliant.
- Will help safeguard their entire organization with integrated security, compliance, and identity solutions built to work across platforms and cloud environments.
- Utilize innovative AI and automation technologies and up-to-date expertise to help support early threat detection and effective response.
- Contribute to their fortified security posture, enabling them to fearlessly create, innovate, and grow their business.
To discover how partners are already securing their organizations with security best practices and helping customers innovate faster and more securely with their solutions, explore these stories:
To stay up to date on the latest news, trends, and events related to Security, visit our Security blog.