Microsoft Provides Update on Its Cybersecurity Optimization

Having fallen victim to multiple cyber incidents over the past two years, the Redmond-based company launched a comprehensive cybersecurity improvement plan in May 2024.

On September 23, 2024, Microsoft provided an update on the progress of its cybersecurity optimization plan, introduced in May 2024 and named the “Secure Future Initiative.” This action program aims to address the multiple cyber incidents the company has faced over the past two years, as well as the criticism from U.S. public authorities regarding its inadequate cybersecurity.

According to Charlie Bell, Executive Vice President at Microsoft Security, 34,000 engineers are working full-time on this plan, which is built on three pillars:

Implementing cybersecurity by design, from the conception of every product or service;
Activating and enforcing default cybersecurity protections;
Continuously testing and optimizing these protections.

In practical terms, Microsoft has established a “Cybersecurity Governance Council,” composed of CISOs from all its key security functions and engineering branches. The company has also linked executive compensation to the firm’s cybersecurity performance.

Microsoft announced it has fully secured its credentials and access systems by strengthening encryption keys, authentication tokens, and login credentials. The company has also deployed video verification in its production environments to eliminate password sharing. Additionally, Microsoft has removed 730,000 unused applications and 5.75 million inactive accounts from its cloud environment.

The group has also put 15,000 new locked and non-connected devices into service, dedicated to its software production teams, to isolate its systems. More broadly, Microsoft has deployed additional layers of protection between its different networks to limit lateral movement in the event of an intrusion.