Every Microsoft employee now has a metric dubbed “Security Core Priority” tied directly to performance reviews. This is among the changes the software giant has put in place to enforce security internally.
In a blog post outlining the steps the company has taken to harden internal security, Charles Bell, executive vice-president of Microsoft Security, wrote: “We want every person at Microsoft to understand their role in keeping our customers safe and to have the tools to act on that responsibility.”
He said 50,000 employees have participated in the Microsoft Security Academy to improve their security skills and that 99% of employees have completed the company's security foundations and trust courses.
In May 2024, Microsoft introduced a governance structure to improve risk visibility and accountability. Since then, Bell said Microsoft has appointed a deputy chief information security officer (CISO) for business applications and consolidated responsibility across its Microsoft 365 and Experiences and Devices divisions. “All 14 deputy CISOs across Microsoft have completed a risk inventory and prioritisation,” he said, adding that this creates a shared view of enterprise-wide security risk.
Bell said new policies, behaviour-based detection models and investigation methods have helped to thwart $4bn in fraud attempts.
One example of where modelling can be used is in preventing attackers from successfully moving through the network once they have a foothold. Microsoft said that modelling IT assets as a graph reveals unknown vulnerabilities and classes of known issues that need to be mitigated to reduce what it describes as “lateral movement”.
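The graph approach described above, as an added illustration that is not Microsoft's own tooling or data: assets are nodes, the access relationships an attacker could traverse are directed edges, and a defender enumerates the paths from an exposed asset to a high-value one and then finds the single edges whose removal breaks every such path. The inventory below is constructed for the example.

```python
from collections import deque

# Constructed sample inventory (not Microsoft data). Each key is an asset;
# each value lists the assets it can reach with the credentials or network
# access it holds, i.e. an attacker's possible next hop from that asset.
ASSET_GRAPH = {
    "internet": ["web01"],
    "web01": ["app01", "jumpbox"],
    "app01": ["db01"],
    "jumpbox": ["dc01"],
    "db01": ["dc01"],
    "dc01": [],
}

def reachable(graph, start):
    """Return the set of assets reachable from `start` (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def lateral_paths(graph, start, target):
    """Enumerate every simple path from `start` to `target` (depth-first search)."""
    paths = []
    def walk(node, trail):
        if node == target:
            paths.append(trail)
            return
        for nxt in graph.get(node, []):
            if nxt not in trail:          # simple paths only: no revisits
                walk(nxt, trail + [nxt])
    walk(start, [start])
    return paths

def choke_points(graph, start, target):
    """Edges whose removal on its own disconnects `start` from `target`.
    Each one is a single mitigation that eliminates every known path."""
    cuts = []
    for src, dsts in graph.items():
        for dst in dsts:
            pruned = {k: [d for d in v if not (k == src and d == dst)]
                      for k, v in graph.items()}
            if target not in reachable(pruned, start):
                cuts.append((src, dst))
    return cuts

if __name__ == "__main__":
    for path in lateral_paths(ASSET_GRAPH, "internet", "dc01"):
        print(" -> ".join(path))
    print("single-edge cuts:", choke_points(ASSET_GRAPH, "internet", "dc01"))
```

In this inventory two paths reach the domain controller and only the internet-to-web01 edge is a single cut; every other edge has a parallel route, which is exactly the class of issue the graph view surfaces and a host-by-host review would miss.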
According to its April 2025 progress report, Microsoft has made “significant” steps in adopting a standard software development kit for identity and ensuring 100% of user accounts are resistant to multi-factor authentication (MFA) attacks. However, among the areas it is still working on are protection of cryptographic signing keys and quantum-safe public key infrastructure (PKI).
To protect high-risk production systems, Microsoft said that in November 2024 it moved 28,000 high-risk users working on sensitive workflows to a locked-down Azure Virtual Desktop infrastructure, and is working to improve the user experience for these endpoints.
Regarding network protection, the report shows that the company is working on implementing network micro-segmentation by reimplementing access control lists.
“Currently, 20% of first-party IPs [internet protocol addresses] are tagged and 93% of first-party services have established plans for allocating IPs from tagged ranges and provisioning IP capacity,” Microsoft said.
It added that it is also introducing new capabilities to help customers isolate and secure their network resources. These include network security perimeter, DNS Security Extensions and Azure Bastion Premium private-only mode.
In terms of its internal software development practices, Microsoft said it has been driving four standards to help ensure open source software (OSS) used in its production environment is sourced from governed internal feeds and is free of known critical and high-severity public vulnerabilities.
In the report, Microsoft said Component Governance, a software composition analysis tool that tracks OSS usage and vulnerabilities in OSS, has achieved broad adoption and is enabled by default. It also has an offering called Centralized Feed Service, which provides governed feeds for consuming open source software. According to Microsoft, this has reached broad adoption.