Agents built into your everyday workflow.
SECURE FUTURE INITIATIVE
Security above all else
Read the November 2025 progress report as part of this multiyear journey to bolster cybersecurity and explore actionable guidance from the Secure Future Initiative (SFI).
Principles
Microsoft Secure Future Initiative
Three principles anchor our approach to the SFI. We’re continuously applying what we’ve learned from incidents to improve our methods and practices, ensuring that security is paramount in everything we create and provide.
Secure by design
Security comes first when designing any product or service.
Secure by default
Security protections are enabled and enforced by default, require no extra effort, and aren’t optional.
Secure operations
Security controls and monitoring will be continuously improved to meet current and future cyberthreats.
Foundations
Foundations of the Secure Future Initiative
Successful business operations and change management are predicated on people, process, and technology working in harmony. These are the foundations of the SFI.
PILLARS
Secure Future Initiative pillars
The six SFI pillars include goals and actions that define our approach to security.
- Reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, plus user and application authentication and authorization.
Explore actionable patterns and practices from the SFI like secure access at scale with phishing-resistant MFA. - Protect all Microsoft tenants and production environments using consistent, best-in-class security practices and strict isolation to minimize breadth of impact.
Explore actionable patterns and practices from the SFI: - Protect Microsoft production networks and implement network isolation of Microsoft and customer resources.
- Protect software assets and continuously improve code security through governance of the software supply chain and engineering systems infrastructure.
Explore actionable patterns and practices from SFI for building securely at scale with standardized pipelines. - Provide comprehensive coverage and automatic detection of cyberthreats for Microsoft production infrastructure and services.
Explore actionable patterns and practices from the SFI: - Prevent exploitation of vulnerabilities discovered by external and internal entities through comprehensive and timely remediation.
Explore actionable patterns and practices from the SFI to cut risk exposure time with rapid vulnerability fixes.
Our progress
See the highlights
View the most recent highlights in our November report.
35K
Equivalent of full-time Microsoft engineers dedicated to security
17+
Product innovations across Microsoft Azure, Microsoft 365, Windows, Surface, and the Microsoft Security portfolio
NIST CSF
Introduced mapping to the NIST CSF to help customers understand our progress using a recognized industry framework
FAQ
Frequently asked questions
Frequently asked questions
- The Microsoft Secure Future Initiative, launched in November of 2023, is a multiyear commitment that advances the way we design, build, test, and operate our Microsoft technology to ensure that our solutions meet the highest possible standards for security.
- Microsoft launched the SFI to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. We carefully considered what we saw across Microsoft and what we heard from customers, governments, and partners to identify our greatest opportunities to impact the future of security.For more information on our initial announcement about SFI, see our blog post.
- We plan to keep ourselves accountable and provide the latest SFI news to customers, partners, and the security community through regular updates.
RESOURCES
Explore Secure Future Initiative resources
Keep up with the latest SFI information.
Blog
Explore our progress
Read what Charlie Bell has to say about the latest SFI report (November 2025), which discusses our advancements in this multiyear journey to bolster cybersecurity for Microsoft, our customers, and the industry at large.
November 2025 report
Explore the November 2025 SFI Progress Report
Explore highlights from our November 2025 SFI Progress Report online, with links to each section of the full report so you can get the details you want.
Patterns and practices
Microsoft Secure Future Initiative patterns and practices
Strengthen your organization's security with guidance that uses proven security architectures and best practices.
IDC
Learn from IDC highlights on SFI in action
Explore IDC’s view on SFI and the changes needed by organizations preparing for the future of cybersecurity.
Blog
See where we were in April
Read the April 2025 SFI Progress Report which discusses our advancements in this multiyear journey to bolster cybersecurity for Microsoft, our customers, and the industry at large.
Article
Deceived, not hacked
Why keeping people safe online now starts with smarter design.
Blog
Shaping global policy for a secure future
Learn how to foster a security-first culture in AI, strengthen resilience, and reinforce accountability.
Blog
Building a lasting security culture at Microsoft
Discover how building a lasting security culture is a call to action at Microsoft.