ServiziApri Ticket
Knowledge BaseTeamViewer
AziendaPartner
+39 0350666547info@agoratech.eu

Notizie per Categorie

Articoli Recenti

cybersecurity
15 Maggio 2025
by

​​How the Microsoft Secure Future Initiative brings Zero Trust to life

In this blog, you’ll learn more about how the Microsoft Secure Future Initiative (SFI)—a real-world case study on Zero Trust—aligns with Zero Trust strategies. We’ll share key updates from the April 2025 SFI progress report and practical Zero Trust guidance to help you strengthen your organization’s security posture. Whether you’re looking to enhance protection, reduce risk, or future-proof your environment, this blog offers actionable insights to support your journey toward a more secure future.

Get started with the Zero Trust security model

The Zero Trust security model offers longstanding, proven benefits. Zero Trust minimizes the attack surface and makes it significantly harder for cyberattackers to gain illicit access, whether from outside or inside an organization’s network. Zero Trust is also great at securing hybrid and remote work environments, helping to facilitate secure modernization efforts. Microsoft strongly believes in these benefits and works diligently to share resources, insights, and tools like Zero Trust workshops with customers. As Microsoft innovates in the Zero Trust space, it shares insights with the technology industry and its customers.

In November of 2023, we launched the Secure Future Initiative—a multiyear effort to revolutionize the way we design, build, test, and operate our products and services in order to achieve the highest security standards. In May 2024, Microsoft expanded the Secure Future Initiative to include six engineering pillars and 28 aligned objectives. Engineering owners were assigned to each pillar and established an initial body of work to advance each objective, articulated as standards and measured as key results. In many cases, these objectives and standards are stringent applications of Zero Trust for Microsoft’s unique requirements as a leading hyper-scale cloud operator, provider of cloud services and products, and as a major enterprise target for bad actors.

Zero Trust Workshop

A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations. Learn more.

Computer programmer working at night in office.

Zero Trust: What it means for you

Zero Trust assumes cyberattackers can come from anywhere—inside or outside your network. This means that you must “never trust, always verify.” In practice, it also means every access request must be authenticated, authorized, and continuously validated—giving you greater confidence that only the right people and devices can connect to your resources.

How Microsoft helps you put Zero Trust into action

  • Proven guidance and collaboration: We align with the National Institute of Standards and Technology (NIST), The Open Group, the Cybersecurity and Infrastructure Security Agency (CISA), MITRE, and others, helping our customers benefit from industry-standard frameworks and best practices.
  • End-to-end deployment support: From planning to rollout, Microsoft experts, tools, and partner ecosystem guide customers through each of our six security pillars: identities, endpoints, applications, infrastructure, network, and data.
  • AI-ready security: We’ve extended Zero Trust to cover AI workloads and models, embedding Microsoft solutions and governance controls at every layer, so our customers can innovate confidently.

With this comprehensive approach from Microsoft, customers don’t just learn the principles—they gain the ability to apply them across their environment to help reduce risk, simplify operations, and accelerate secure modernization.

Learnings from the Secure Future Initiative for your Zero Trust journey

Microsoft processes more than 84 trillion security signals every day—from devices and endpoints to cloud services and applications—giving us robust visibility into emerging cyberthreats and attack patterns.1 By integrating data and insights with a “never trust, always verify” approach, the Secure Future Initiative at Microsoft builds on established Zero Trust strategies—turning architecture into practical implementation. Insights from this experience can enable you to expedite your Zero Trust implementations. 

A screen shot of a diagram

Key insights from SFI

The journey Microsoft has gone on while implementing the Secure Future Initiative surfaced these practical lessons: use them to accelerate your own security improvements.

Read the April 2025 Secure Future Initiative updates

Lesson 1: Set priorities and measure progress 

Based on our priorities, we developed six pillars and 28 objectives to help us focus on what truly matters. You can do likewise: analyze your top risks, then group them into a set of measurable objectives. This gives your team a clear roadmap and helps prioritize efforts that move the needle.

Lesson 2: Align culture with security goals

We learned that tools alone don’t stick—people do. The Secure Future Initiative’s emphasis on culture, clear security objectives, ongoing training, and individual performance goals creates accountability. Translate this by embedding security accountability into every role and offering continuous, role-based training.

Lesson 3: Strengthen security governance

With SFI, integrating Deputy CISOs from key product and functional areas into the Governance Council has advanced security as a core part of development. That makes it more than just a checkpoint, enabling earlier risk mitigation and improved resilience at scale. You can evolve your approach to governance in step with your growth and key functional areas to ensure visibility and accountability. This will help you accelerate Zero Trust maturity and stay ahead of emerging cyberthreats.

Lesson 4: You can’t protect what you can’t see 

With the Secure Future Initiative, currently, more than 99% of network devices are logged in a central repository for full lifecycle management. These devices use centralized authentication and audit trails, are configured with Access Control Lists (ACLs) for IPv4/v6 to restrict lateral movement and have safeguards in place to prevent key compromise or abuse. Apply this by developing an inventory of your own environment and implementing isolation, monitoring and secure operations. 

Lesson 5: Share learnings and build feedback loops

The Secure Future Initiative is a living case study—sharing progress, learnings, and best practices through reports and blogs. You can also adopt a similar mindset: document what works, share internally and externally (where appropriate), and continuously refine your Zero Trust journey based on your own real-world experiences.

Build secure by design, secure by default, and secure operations

The Secure Future Initiative embeds three foundational principles into everything we do, and you can too:

  • Secure by design: Incorporate threat modeling and risk assessments at the earliest planning phases.
  • Secure by default: Enable guardrails and policies out of the box so users—and cyberattackers—can’t easily disable them.
  • Secure operations: Continuously monitor, test, and iterate on defenses as cyberthreats evolve.

Download our Secure by design: A UX toolkit to integrate these checklists into your development pipelines today.

Key customer takeaways from the April 2025 Secure Future Initiative report

You can learn more about the progress we have made improving our security posture in the April 2025 progress report.  

Below are learnings from that report, and examples of how you can improve your security posture by applying the Zero Trust framework and principles.

1. Protect identities and secrets

Validate controls with attack simulations: Use red team exercises or breach-and-attack-simulation tools to test your identity protections (multifactor authentication, conditional access, just-in-time privilege). Identify gaps, then tune policies and workflows to close them.

2. Protect tenants and isolate production systems

Map and limit lateral paths: Graph your environment’s trust relationships (subscriptions, resource groups, service connections). Pinpoint where a cyberattacker could “hop,” then apply micro-segmentation, just-in-time network access, or privileged identity management to contain any breach.

3. Protect networks

Inventory, monitor, and segment: Ensure every device, virtual machine, and service is inventoried and sending telemetry. Lock down network flows with Zero Trust network policies and micro-segmentation. Use continuous monitoring to detect misconfigurations before they become vulnerabilities.

4. Protect engineering systems

Enforce secure build pipelines: Assign clear code-ownership and integrate security gates into your continuous integration/continuous delivery (CI/CD) pipeline. Adopt infrastructure-as-code templates with embedded guardrails and automatically remediate any drift from your security baseline.

5. Monitor and detect threats

Test your detection end-to-end: Regularly run realistic cyberattack simulations (for example, breach-and-attack-simulation, purple team exercises) across all clouds and on-premises environments. Validate that alerts fire correctly and that your security operations center (SOC) workflows drive timely investigation and response.

6. Accelerate response and remediation

Automate patching at scale: Implement automated operating system (OS) and application updates (Microsoft has deployed automated operating system upgrades to 86% of our first-party Virtual Machine Scale Sets (VMSS)-based services, resulting in more than 91 million upgrades in 2024). Shift left on vulnerability management: integrate scanning and patch-orchestration into your DevOps pipelines.

By adopting these practices, you can harden your Zero Trust posture, reduce risk, and accelerate secure modernization—no matter where you are on your journey.

Additional resources and action items

Get started on your Zero Trust journey: Visit the Microsoft Zero Trust webpage, access the Zero Trust Adoption Framework in the Microsoft Zero Trust guidance center, and download the self-serve Zero Trust Workshop Assessment today.

Read the April 2025 report from the Secure Future Initiative and visit the Microsoft Secure Future Initiative page for more information and resources.

Talk to our experts: Connect through your Microsoft account team or submit a request on the Microsoft Security contact page.

Work with a trusted partner: Use the Microsoft Solution Partner directory to find specialists who can help you deploy and optimize your strategy.

Join the community: Get direct access to engineers and early insights via the Security Tech Community and Customer Connection Program.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1Microsoft unveils Microsoft Security Copilot agents and new protections for AI, March 24, 2025.

The post ​​How the Microsoft Secure Future Initiative brings Zero Trust to life appeared first on Microsoft Security Blog.


Source: Microsoft Security

Share:

Agora Tech è una società di consulenza informatica. Ci occupiamo di Cybersecurity, Digital Transformation e Digital Marketing.
Partner Microsoft Certificato: Cloud Platform; Small and Midmarket Solutions; Azure Administrator.

Link Utili

Newsletter

AGORA TECH srls | Via Borfuro 7, 24122 Bergamo (BG)
AGORA TECH ® marchio registrato | p.iva IT-04202550168