Constructing on the momentum of our preliminary launch of the Microsoft Safe Future Initiative (SFI) patterns and practices, this second installment continues our dedication to creating safety implementation sensible and scalable. The primary launch launched a foundational library of actionable steerage rooted in confirmed architectures like Zero Belief. Now, we’re increasing that steerage with new examples that replicate our ongoing learnings—serving to prospects and companions perceive our strategic method extra deeply and apply it successfully in their very own environments.
This subsequent set of SFI patterns and practices articles embody sensible, actionable steerage constructed by practitioners, for practitioners, within the areas of community, engineering methods, and safety response. Every of the six articles consists of particulars on how Microsoft has improved our safety posture in every space so prospects, companions, and the broader safety group can do the identical.
| Sample title | SFI Pillar | What it helps you do |
| Community isolation | Shield networks | Include breaches by default. Strongly phase and isolate your community (by way of per-service ACLs, remoted digital networks, and extra) to stop lateral motion and restrict cyberattackers in the event that they get in. |
| Safe all tenants and their sources | Shield tenants and isolate methods | Assist eradicate “shadow” tenants. Apply baseline safety insurance policies, reminiscent of multifactor authentication (MFA), Conditional Entry, and extra, to each cloud tenant and retire unused ones, so cyberattackers can’t exploit forgotten, weakly-secured environments. |
| Increased safety for Entra ID apps | Shield tenants and isolate methods | Shut id backdoors. Implement excessive safety requirements for all Microsoft Entra ID (Azure AD) functions—eradicating unused apps, tightening permissions, and requiring sturdy authorization—to dam widespread misconfigurations cyberattackers abuse for cross-tenant assaults. |
| Zero Belief for supply code entry | Defending engineering methods | Safe the dev pipeline. Require proof-of-presence MFA for vital code commits and merges to assist guarantee solely verified builders can push code and cease cyberattackers from surreptitiously injecting modifications. |
| Shield the software program provide chain | Defending engineering methods | Lock down builds and dependencies. Govern your steady integration and steady supply (CI/CD) pipelines and package deal administration—use standardized construct templates, inside package deal feeds, and automatic scanning to dam provide chain cyberattacks earlier than they attain manufacturing. |
| Centralize entry to safety logs | Monitoring and detecting threats | Velocity up investigations. Standardize and centralize your log assortment (with longer retention) in order that safety groups have unified visibility and might detect and examine incidents quicker—even throughout advanced, multi-cloud environments. |
Extra about SFI patterns and practices
Simply as software program design patterns present reusable options to widespread engineering issues, SFI patterns and practices supply repeatable, confirmed approaches to fixing advanced cybersecurity challenges. Every sample is crafted to deal with a selected safety danger—legacy infrastructure or inconsistent CI/CD pipelines—and is grounded in Microsoft’s personal expertise. Like design patterns in software program structure, these safety patterns are modular, extensible, and constructed for reuse throughout various environments.
Moreover, every sample within the SFI patterns and practices library follows a constant and purposeful construction. Each article begins with a sample title—a concise deal with that captures the essence of the cybersecurity problem. The downside part outlines the safety danger and its real-world context, serving to readers perceive why it issues. The resolution describes how Microsoft addressed the difficulty internally. The steerage part gives sensible suggestions that prospects can take into account making use of in their very own environments. Lastly, the implications part outlines the outcomes and trade-offs of implementing the sample, serving to organizations anticipate each the advantages and the operational concerns.
This construction presents a framework for understanding, making use of, and evolving safety practices.
Subsequent steps with SFI
Safety is a journey, and Microsoft is dedicated to sharing our insights from SFI. Look ahead to extra actionable recommendation in coming months. SFI patterns and practices present a roadmap for placing safe structure into follow. Embracing these approaches permits organizations to advance their safety posture, reduce deployment hurdles, and set up environments which are safe by design, by default, and in operations.
To get entry to the total library, go to our new SFI patterns and practices webpage. And take a look at the brand new SFI video on our redesigned web site to listen to instantly from Microsoft management about how we’re placing safety above all else.
Let’s construct a safe future, collectively
Discuss to your Microsoft account crew to combine these practices into your roadmap.
To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our professional protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
