Microsoft has announced a shift in its approach to product security, prioritizing it above all other features. Charlie Bell, Executive Vice President for Security at Microsoft, detailed the company's renewed focus on security in a post on the Microsoft Security blog. The announcement comes in the wake of several high-profile cyberattacks, including breaches by Chinese and Russian hacker groups that targeted Outlook email accounts and accessed Microsoft's top executives' emails and source code.
Expansion of Secure Future Initiative
The tech giant's Secure Future Initiative (SFI) will now encompass six specific categories, integrating recommendations from the US Department of Homeland Security's Cyber Safety Review Board (CSRB). Although the exact categories were not disclosed, the initiative's expansion signifies Microsoft's commitment to bolstering its defenses against cyber threats. Bell highlighted the company's “critical responsibility to earn and maintain trust” in the digital ecosystem, acknowledging the need for heightened security measures.
Results and Future Plans
The shift in security priorities has already produced tangible results. Microsoft has implemented “automatic enforcement of multifactor authentication” for over one million Entra ID users, significantly enhancing account security. Furthermore, the company has either updated or removed 730,000 apps that were either out of their support lifecycle or non-compliant with the new SFI standards.
In a move to further strengthen user account security, Microsoft introduced passkey support for all consumer Microsoft accounts, aiming to provide a more secure and user-friendly authentication method than traditional passwords. This update, which supports facial recognition, fingerprint scanning, and device PINs as authentication methods, is now available across Windows, Google, and Apple platforms.
Microsoft describes this initiative as a significant stride towards realizing its decade-long vision of creating a world devoid of passwords. Starting from the announcement, users can access their Microsoft accounts through desktop and mobile browsers using passkeys, with promises of mobile app support on the horizon.