SECURE FUTURE INITIATIVE
Security above all else
Read the November 2025 progress report as part of this multiyear journey to bolster cybersecurity and explore actionable guidance from the Secure Future Initiative (SFI).
Principles
Microsoft Secure Future Initiative
Three principles anchor our approach to the SFI. We're continuously applying what we've learned from incidents to improve our methods and practices, ensuring that security is paramount in everything we create and provide.
Foundations
Foundations of the Secure Future Initiative
Successful business operations and change management are predicated on people, process, and technology working in harmony. These are the foundations of the SFI.
Security-first culture
Culture is reinforced through daily behaviors. Regular meetings between engineering executive vice presidents, SFI leaders, and all management levels ensure bottom-up, end-to-end problem-solving that ingrains security thinking into our everyday actions.
Security governance
We're elevating security governance with a new framework led by the chief information security officer. This will introduce a partnership with engineering teams to oversee SFI, manage risks, and report progress to leadership.
Continuous security improvement
The SFI empowers every employee at Microsoft to prioritize security, driven by a growth mindset of continuous improvement. We integrate feedback and learnings from incidents into our standards, enabling secure design and operations at scale.
Paved paths and standards
Paved paths are best practices that optimize productivity, compliance, and security. These become standards when they enhance security or the developer experience. With the SFI, we set and measure standards across all six prioritized security pillars.
PILLARS
Secure Future Initiative pillars
The six SFI pillars include goals and actions that define our approach to security.
- Reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, plus user and application authentication and authorization. Get practical guidance on how to help protect identities and secrets.
- Protect all Microsoft tenants and production environments using consistent, best-in-class security practices and strict isolation to minimize breadth of impact. Get practical guidance on how to help protect tenants and isolate systems.
- Protect Microsoft production networks and implement network isolation of Microsoft and customer resources. Get practical guidance on how to help protect networks.
- Protect software assets and continuously improve code security through governance of the software supply chain and engineering systems infrastructure. Get practical guidance on how to help protect engineering systems.
- Provide comprehensive coverage and automatic detection of cyberthreats for Microsoft production infrastructure and services. Get practical guidance on how to help monitor and detect cyberthreats.
- Prevent exploitation of vulnerabilities discovered by external and internal entities through comprehensive and timely remediation. Get practical guidance on how to help accelerate response and remediation.
Our progress
See the highlights
View the most recent highlights in our November report.
Practical Guidance
Actionable guidance grounded in real-world security
Scale securely following SFI patterns and practices based on Microsoft's tested security insights: what worked, what changed, and what we learned.
Constrain failure with threat modeling for AI systems
Approach threat modeling for AI systems as an ongoing engineering mindset rather than a one-time checklist.
Take a layered approach to defense in depth for agents
This case study shares the top risks of agents and what the layers of the "layered approach" actually are.
Secure your agentic systems
Reduce risk without stalling innovation.
FAQ
Frequently asked questions
- The Microsoft Secure Future Initiative, launched in November of 2023, is a multiyear commitment that advances the way we design, build, test, and operate our Microsoft technology to ensure that our solutions meet the highest possible standards for security.
- Microsoft launched the SFI to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. We carefully considered what we saw across Microsoft and what we heard from customers, governments, and partners to identify our greatest opportunities to impact the future of security. For more information on our initial announcement about SFI, see our blog post.
- We plan to keep ourselves accountable and provide the latest SFI news to customers, partners, and the security community through regular updates.
RESOURCES
Explore Secure Future Initiative resources
Keep up with the latest SFI information.
Blog
Explore our progress
Read what Charlie Bell has to say about the latest SFI report (November 2025), which discusses our advancements in this multiyear journey to bolster cybersecurity for Microsoft, our customers, and the industry at large.
Protect identities and secrets
Reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, plus user and application authentication and authorization.
Explore actionable patterns and practices from the SFI for secure access at scale with phishing-resistant MFA.
Protect tenants and isolate systems
Protect all Microsoft tenants and production environments using consistent, best-in-class security practices and strict isolation to minimize breadth of impact.
Explore actionable patterns and practices from the SFI:
Protect networks
Protect Microsoft production networks and implement network isolation of Microsoft and customer resources.
Protect engineering systems
Protect software assets and continuously improve code security through governance of the software supply chain and engineering systems infrastructure.
Explore actionable patterns and practices from SFI for building securely at scale with standardized pipelines.
Monitor and detect cyberthreats
Provide comprehensive coverage and automatic detection of cyberthreats for Microsoft production infrastructure and services.
Explore actionable patterns and practices from the SFI:
Accelerate response and remediation
Prevent exploitation of vulnerabilities discovered by external and internal entities through comprehensive and timely remediation.
Explore actionable patterns and practices from the SFI to cut risk exposure time with rapid vulnerability fixes.
