{"id":897,"date":"2024-11-19T13:30:00","date_gmt":"2024-11-19T13:30:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=897"},"modified":"2024-11-19T13:30:00","modified_gmt":"2024-11-19T13:30:00","slug":"from-mfa-mandates-to-locked-down-devices-microsoft-posts-a-year-of-sfi-milestones-at-ignite","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=897","title":{"rendered":"From MFA mandates to locked-down devices, Microsoft posts a year of SFI milestones at Ignite"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>During its Ignite conference on Tuesday, Microsoft shared a progress update on its <a href=\"https:\/\/www.csoonline.com\/article\/657928\/microsoft-pledges-cybersecurity-overhaul-to-protect-products-and-services.html\" target=\"_blank\" rel=\"noopener\">Secure Future Initiative (SFI)<\/a>, introduced a year ago, which included significant measures such as enforcing multi-factor authentication (MFA) by default for new tenants, isolating close to 100,000 work devices under conditional access policies, and blocking GitHub secrets from exposure.<\/p>\n<p>The progress report, structured around Microsoft\u2019s customary six engineering pillars used to assess its advancements, presents a more promising outlook than the previous <a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/final\/en-us\/microsoft-brand\/documents\/SFI_September_2024_progress_report.pdf\" target=\"_blank\" rel=\"noopener\">September update<\/a>, which was themed around credential rotation, JIT\/JEA access controls, and threat monitoring.<\/p>\n<p><strong>[ Related: <a href=\"https:\/\/www.computerworld.com\/article\/3601006\/microsoft-ignite-2024-get-the-latest-news-and-insights.html\">Microsoft Ignite 2024 news and insights<\/a> 
]<\/strong><\/p>\n<p>\u201cIn May 2024, Microsoft CEO Satya Nadella made security the company\u2019s top priority,\u201d Microsoft said in the report. \u201cSince that time, we have dedicated the equivalent of 34,000 engineers to advance the objectives laid out in SFI, making it the largest cybersecurity engineering project in history.\u201d<\/p>\n<p>Microsoft also highlighted efforts to embed security into its culture, completing several learning and governance initiatives, including mandatory workforce security trainings through the Microsoft Security Academy, and committing to the CISA <a href=\"https:\/\/www.csoonline.com\/article\/3599118\/oktas-secure-by-design-pledge-suffers-a-buggy-setback.html\" target=\"_blank\" rel=\"noopener\">\u201csecure by design\u201d pledge<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Microsoft commits to protecting identities, secrets, and systems<\/h2>\n<p>Microsoft emphasized its commitment to security by integrating a series of \u201csecure by design\u201d frameworks into its processes. The company outlined four key SFI engineering pillars supporting this effort: protecting identities and secrets, isolating production systems to safeguard tenants, protecting networks, and securing engineering systems.<\/p>\n<p>To this end, the cloud leader with identity tools like Azure AD, Entra, Defender, and Authenticator has enforced MFA by default for all new tenants. 
Additionally, it is enforcing phishing-resistant MFA across its productivity environments.<\/p>\n<p>\u201cTo help secure customers, multifactor authentication (MFA) is now on by default for new tenants and will be enforced for the Microsoft Azure Portal, Microsoft Entra admin center, Intune admin center, and Microsoft 365 admin center,\u201d Microsoft said in the report.<\/p>\n<p>Azure Managed Identity for service-to-service (S2S) has also been implemented on a large scale for Entra ID apps and Azure resources, to help protect secrets such as passwords, storage access keys, and storage SAS tokens from leaks, Microsoft added.<\/p>\n<p>To mitigate device-based compromises, Microsoft reported having deployed 98,000 production-ready, locked-down devices (operating only secure, limited functionalities), in addition to moving 28,000 \u201chigh-risks users\u201d to a customized and locked-down Virtual Desktop Infrastructure (VDI) solution.<\/p>\n<p>\u201cTo help secure customers, we have introduced a Microsoft Entra Conditional Access template, currently in public preview, which requires device compliance,\u201d Microsoft said.<\/p>\n<p>Within the \u201cprotect Engineering systems\u201d pillar, which covers practices for reducing the risk of secrets and credentials in Microsoft code, the company has deployed GitHub Advanced Security to block new secrets from being exposed at push within GitHub and Azure DevOps Git repositories.<\/p>\n<p>To further tackle secret leaks, Microsoft is working \u201cto remove secrets from code and other unsecured storage and transmission methods and has implemented standards of strong authentication protocols that do not rely on weak mechanisms such as plaintext credentials and that actively detect, block, and remove exposed secrets and credentials.\u201d<\/p>\n<p>Under network protection, it is making Azure Virtual Network Encryption generally available in all regions and Domain Name System Security Extensions support 
available in public preview.<\/p>\n<p>Additionally, to foster \u201cisolation and segmentation\u201d of management as well as services, over 99.3% of physical assets have been inventoried and had mandatory access control lists (ACLs) applied to isolate their management, Microsoft revealed.<\/p>\n<h2 class=\"wp-block-heading\">Intensified focus on threat management<\/h2>\n<p>Microsoft attributed a handful of other upgrades to the remaining SFI pillars: monitor and detect threats, and accelerate response and remediation.<\/p>\n<p>To facilitate improved system monitoring for threat detection, Microsoft said it has expanded cloud logging capabilities, which include detailed logs of more than 30 types of data and standard log retention for 180 days.\u00a0These capabilities are available to Microsoft 365 customers by default at no additional cost, Microsoft added.<\/p>\n<p>Additionally, the company reported establishing central management and a two-year retention period for identity infrastructure security audit logs.<\/p>\n<p>Under threat management initiatives, the company said it addressed 90% of vulnerabilities within the \u201creduced time to mitigate\u201d window for the high-severity cloud vulnerabilities. It also reported publishing close to 800 Common Vulnerabilities and Exposures (CVEs) as part of a transparent communication effort.<\/p>\n<p>\u201cMicrosoft is continuing to make progress on our targets for SFI,\u201d said Vasu Jakkal, CVP Security, Microsoft. 
\u201c(In this report), we highlight the investments we are making across the company to identify, prioritize, and address cybersecurity risk across the company.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>During its Ignite conference on Tuesday, Microsoft shared a progress update on its Secure Future Initiative (SFI), introduced a year ago, which included significant measures such as enforcing multi-factor authentication (MFA) by default for new tenants, isolating close to 100,000 work devices under conditional access policies, and blocking GitHub secrets from exposure. The progress report, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":891,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/897"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=897"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/897\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/891"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=897"},{"taxonomy":"post_tag","embeddable":true,"hr
ef":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}