Updates in two of our core priorities - The Official Microsoft Blog

Satya Nadella, Chairman and CEO, posted the below message to employees on Viva Engage this morning. I am excited to share a couple updates in two of our core priorities: security and quality. Hayete Gallot is rejoining Microsoft as Executive Vice President, Security, reporting to me. I’ve also asked Charlie Bell to take on a...

The Official Microsoft Blog

Microsoft launches Cybersecurity Awareness Month: “Security starts with you.” New tools and practices aim to embed protection into every layer of tech. 🧠🔐 #CyberAware2025 #SecureFutureInitiative

https://www.microsoft.com/en-us/security/blog/2025/10/01/cybersecurity-awareness-month-security-starts-with-you/

Cybersecurity Awareness Month: Security starts with you | Microsoft Security Blog

Get the Be Cybersmart Kit and explore some of Microsoft's resources for Cybersecurity Awareness Month to stay safe online.

Microsoft Security Blog

🚨 Microsoft just moved MSA token signing to Azure Confidential VMs, a major step forward in securing its identity infrastructure after the high-profile Storm-0558 breach.

This move, along with the ongoing migration of Entra ID signing services, is part of Microsoft’s broader Secure Future Initiative (SFI) — described as the largest cybersecurity engineering project in its history.

Here’s what’s changing:
- MSA signing keys now protected inside Azure Confidential VMs
- Entra ID token signing is also being migrated to confidential infrastructure
- Access tokens are generated, stored, and auto-rotated via Azure-managed HSM
- 90% of identity tokens for Microsoft apps now validated via hardened SDKs
- 92% of Microsoft productivity accounts use phishing-resistant MFA
- 81% of production code branches are protected with proof-of-presence MFA
- Security logs have a mandatory 2-year retention period
- A new tenant provisioning system auto-registers tenants into the emergency response process

Microsoft is also piloting isolated customer support environments to reduce lateral movement, a direct response to risks exposed in the 2023 Storm-0558 breach, which involved forged Entra ID tokens using a compromised MSA key.

The attack, attributed to a China-linked threat group, led to unauthorized email access across U.S. and European entities.

This update builds on the lessons from the U.S. Cyber Safety Review Board (CSRB) report and pushes forward a model where signing keys, support processes, and token validation are more tightly controlled than ever before.

At @Efani, we support these kinds of structural shifts — because real security isn’t just about patching flaws after the fact, it’s about re-engineering trust from the foundation up.

#CyberSecurity #Microsoft #EntraID #CloudSecurity #SecureFutureInitiative #Storm0558 #IdentitySecurity #EfaniSecure

I'm a podcasting fool lately! Took a turn in the guest seat on @robwright's Risk & Repeat for an episode about #Microsoft's first #securefutureinitiative report. Check it out! #sfi #csrb #cybersecurity #msft

https://riskandrepeat.podbean.com/e/risk-repeat-inside-the-microsoft-sfi-progress-report/

Risk & Repeat: Inside the Microsoft SFI progress report | Risk & Repeat

This Risk & Repeat podcast episode discusses the first Microsoft SFI progress report and what it says about the tech giant's security posture as well as the current state of SecOps.

In the name of #SecureFutureInitiative I think #Microsoft should make #EntraID Identity Protection FREE for everyone.

Yay or nay?

Yay: 87.5%
Nay: 12.5%

Microsoft’s new #Outlook #security changes impact third-party apps and #Gmail integration - The Verge

Microsoft’s #SecureFutureInitiative is kicking in for Outlook.com, with higher levels of security that may impact third-party apps.
#Microsoft

https://www.theverge.com/2024/6/11/24175917/microsoft-outlook-security-changes-secure-future-initiative

Microsoft’s new Outlook security changes impact third-party apps and Gmail integration

Microsoft is making some security changes to its Outlook web email service. It’s part of a new security initiative inside Microsoft.

The Verge

Microsoft network breached through password-spraying by Russian-state hackers

Senior execs' emails accessed in network breach that wasn't caught for 2 months.

Ars Technica

Microsoft products are about to get a cybersecurity boost. The company recently announced its Secure Future Initiative to improve the built-in security of its products.

#Cybersecurity #SecureFutureInitiative
https://www.csoonline.com/article/657928/microsoft-pledges-cybersecurity-overhaul-to-protect-products-and-services.html

Microsoft pledges cybersecurity overhaul to protect products and services

Microsoft launches the Secure Future Initiative to usher in “next generation” of cybersecurity to better protect customers against escalating cybersecurity threats.

CSO Online