Microsoft Launches Secure Future Initiative to Accelerate Secure-by-Design Commitments
On November 2, 2023, Microsoft announced the Secure Future Initiative, committing to default multi-factor authentication, expanded memory-safe development, and rapid cloud patching SLAs across Microsoft platforms following U.S. government recommendations.
Executive briefing: Microsoft President Brad Smith announced the Secure Future Initiative (SFI) on November 2, 2023, outlining engineering, operations, and policy reforms designed to make Microsoft products secure by design and by default. The initiative responds to lessons from nation-state intrusions and aligns with CISA’s secure-by-design guidance.
Program pillars
- AI and automation in security operations. Microsoft committed to expanding automated patch orchestration and integrating security copilot capabilities into every defender workflow.
- Identity resilience by default. All Microsoft-managed enterprise services will enforce multi-factor authentication (MFA) by default, including Azure AD (Entra ID) and Microsoft 365 tenants.
- Secure coding and memory safety. Engineering teams will accelerate adoption of memory-safe languages, threat modeling, and SBOM delivery across Windows, Azure, and Office.
Implementation guidance
- Track Microsoft product roadmaps for default MFA enforcement timelines and plan customer communication for Entra ID tenants and downstream partners.
- Align vulnerability management SLAs with Microsoft’s commitment to faster cloud patch deployment, ensuring change management processes can ingest accelerated fixes.
- Integrate Microsoft’s secure-by-design documentation into supplier assurance programs and third-party risk assessments.