Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative

When we introduced the Secure Future Initiative (SFI), our goal was clear: to boost innovation, enhance resilience, and guide the industry towards a safer digital future. Today, we’re excited to share our latest progress report, showcasing steady advancements across all areas and engineering pillars, reaffirming our dedication to security above everything else. We also highlight new innovations designed to better safeguard our customers, as well as how we apply these capabilities to protect Microsoft itself. Thanks to SFI, we have strengthened the security of our platforms and services and improved our ability to detect and respond to cyber threats.

Promoting a Security-First Mindset

Since early 2024, our engineering team’s attitude towards security has grown stronger, with an improvement of nine points. In an effort to raise security awareness, an impressive 95% of our staff has completed the latest training on defending against AI-driven cyber attacks, which remains one of our top-rated courses. Additionally, we’ve created valuable resources for our staff, now available to customers as well, to further enhance security awareness.

Global Governance That Scales

The Cybersecurity Governance Council has expanded, adding three more Deputy Chief Information Security Officers (CISOs) who focus on European regulations, internal operations, and our engagement with a network of partners and suppliers. We’ve launched the Microsoft European Security Program to strengthen our partnerships and better inform European governments about the cyber threat landscape. We’re also collaborating with industry partners to align cybersecurity regulations, promote responsible state behaviour in cyberspace, and enhance cybersecurity capabilities through the Advancing Regional Cybersecurity Initiative in the global south. For further details, explore our cybersecurity policy and diplomacy efforts.

Secure by Design, Default, and Operations

Our teams at Microsoft Azure, Microsoft 365, Windows, Microsoft Surface, and Microsoft Security are continually rolling out innovations to enhance customer protection. We’ve implemented secure defaults, expanded hardware-based trust, and updated security benchmarks to bolster cloud security. Microsoft 365 has introduced a dedicated AI Administrator role while enhancing agent lifecycle governance and data security transparency for greater organisational control and visibility. Similarly, Windows and Surface have advanced Zero Trust principles through additional passkeys, automated recovery options, and memory-safe improvements for firmware and drivers. Microsoft Security has rolled out data security posture management for AI and transformed Microsoft Sentinel into an AI-driven platform with data lake, graph, and Model Context Protocol capabilities.

Benchmark-Setting Engineering Progress

We are consistently making significant strides across all our engineering sectors. Notable accomplishments include enforcing phishing-resistant multifactor authentication (MFA) for 99.6% of Microsoft employees and devices, migrating high-risk users to secure Azure Virtual Desktop environments, completing our network device inventory and lifecycle management, and achieving a 99.5% success rate in detecting and resolving live secrets in code. Additionally, we’ve launched over 50 new detection methods throughout Microsoft infrastructure, with relevant detections set to be added to Microsoft Defender, and allocated $17 million to encourage responsible vulnerability disclosures.

Practical Guidance

To aid customers in enhancing their security, we highlight 10 SFI patterns and practices that can effectively minimise risks. We also provide additional best practices and guidance throughout this report. For a more in-depth assessment of their security posture, customers can utilise our Zero Trust Workshops, which feature SFI-based evaluations and actionable insights to assist customers on their security journeys.

Security as the Pillar of Trust

In today’s interconnected world, cybersecurity has evolved into a necessity—it is fundamental to building trust.

With the equivalent of 35,000 engineers dedicating their efforts to security, SFI stands as the largest cybersecurity initiative in digital history. Looking ahead, we will keep our focus on the highest risks, accelerate the rollout of security innovations, and leverage AI to boost engineering efficiency and facilitate swift anomaly detection and automated remediation.

The landscape of cyber threats will continue to change, and technology will keep advancing. Microsoft will persist in prioritising security above everything else. Our progress underscores a fundamental truth: trust is built through action and accountability.

We appreciate the collaboration of our customers, industry colleagues, and security researchers. Together, we will continue to innovate towards a safer future.

Discover More with Microsoft Security

For further information about Microsoft Security solutions, please visit our website. Don’t forget to bookmark the Security blog for expert insights on important security topics. You can also keep up with the latest news and updates on cybersecurity by following us on LinkedIn (Microsoft Security) and X (@MSFTSecurity).