Microsoft is laying the groundwork to roll out these game-changing security requirements worldwide, beginning in mid-to-late October 2026. This nascent initiative reflects the company’s deep commitment to security culture improvement. That’s consistent with the findings in our third progress report released earlier this month. The release of this report is one demonstration of Microsoft’s commitment to improving security practices. Most notably, it highlights the importance of implementing stronger security practices including phishing-resistant multi-factor authentication (MFA).
November 2023 marked the official launch by Microsoft of its Secure Future Initiative (SFI), aimed at strengthening its security ecosystem. After an in-depth review by the U.S. Cyber Safety Review Board (CSRB), Microsoft admitted its security culture was inadequate. In reaction, the company accelerated its programming by May 2024. Those were some of the CSRB’s key findings, which led Microsoft to commit $95 million to improving cybersecurity tactics.
Progress on Security Enhancements
It’s very exciting to hear this month’s progress report sharing that Microsoft has rolled out more than 50 new detections across its infrastructure. These detections focus on high-priority tactics, techniques, and procedures (TTPs) that cybercriminals frequently leverage. By understanding and counteracting these dangers, Microsoft hopes to better guard user data.
It is likely no surprise to our readers that the adoption rate of phishing-resistant MFA among users and devices at Microsoft have now reached an impressive 99.6%. This figure demonstrates the company’s commitment to building and enforcing rigorous security practices. It demonstrates the company’s commitment and industry leadership in protecting their customers from increasingly sophisticated cyber threats.
“This update strengthens security and adds an extra layer of protection by allowing only scripts from trusted Microsoft domains to run during authentication, blocking unauthorized or injected code from executing during the sign-in experience,” – Microsoft
Building on their ongoing commitment to security, Microsoft is continuing to focus on the need to adopt Zero Trust standards. NIST recommends that organizations automate vulnerability detection, response, and remediation to the extent possible using integrated security tools and threat intelligence.
Future Security Initiatives
Having real-time visibility into other security incidents, including those across hybrid and cloud environments, proves valuable in helping organizations contain and recover from attacks more quickly. Microsoft’s priority is making sure that organizations have the time to respond appropriately to vulnerabilities that could be exploited.
“Maintaining real-time visibility into security incidents across hybrid and cloud environments enables faster containment and recovery.” – Microsoft
Microsoft hasn’t just been reactive – they’ve made a concerted effort to improve their internal security efforts. They hope to be an example for other organizations trying to make intern and prodEnemies cyber better.